!exploitable Crash Analyzer – MSEC Debugger Extensions – !exploitable (pronounced “bang exploitable”) is a Windows debugging extension (Windbg) that provides automated crash analysis and security risk assessment. The tool first creates hashes to determine the uniqueness of a crash and then assigns an exploitability rating to the crash: Exploitable, Probably Exploitable, Probably Not Exploitable, or Unknown. There is more detailed information about the tool in the following .pptx file or at http://www.microsoft.com/security/msec. Additonally, see the blog post at http://blogs.technet.com/srd/archive/2009/04/08/the-history-of-the-exploitable-crash-analyzer.aspx, or watch the video at http://channel9.msdn.com/posts/PDCNews/Bang-Exploitable-Security-Analyzer/.
API spying utilities are the most powerful tools for exploring the internal structure of applications and operating systems. They provide tons of information and enable the user to explore the “guts” of the application under test. Unfortunately, most API spying utilities can monitor only one application at a time and also have the tendency to break apart when used with large pieces of code. APISpy32 is a different type of API interceptor which solves most of these problems. It monitors API calls made by ALL active Windows applications and logs the values of input parameters. This version works under Windows 9x/NT/2000 and ME.
Download local version of APISpy32.
Homepage
This utility will continuously track the focus input. It updates itself every second, displaying information about the window, which currently has focus. In a sense it is very similar to the popular SPY++ utility from the Developer Studio package, but it is easier to operate and may give you faster results.
Download local version of FocusFlasher.exe (source code)
Homepage
WinSpy++ is a handy programmer’s utility which can be used to select and view the properties of any window in the system. WinSpy is based around the Spy++ utility that ships with Microsoft Visual Studio.
Download local version of WinSpy++ 1.7 (source code).
Homepage
!exploitable (pronounced “bang exploitable”) is a Windows debugging extension (Windbg) that provides automated crash analysis and security risk assessment. The tool first creates hashes to determine the uniqueness of a crash and then assigns an exploitability rating to the crash: Exploitable, Probably Exploitable, Probably Not Exploitable, or Unknown. There is more detailed information about the tool in the following .pptx file or at www.microsoft.com/msec.
This tool was created by the Microsoft Security Engineering Center (MSEC) Security Science Team. For more information on MSEC and the Security Science team, please visit www.microsoft.com/security/msec. To see what’s being worked on presently, visit the Security Research and Development blog at blogs.technet.com/srd/.
The project home page
