Created
August 1, 2013 07:57
-
-
Save nmcv/6129331 to your computer and use it in GitHub Desktop.
Batch script for standalone usage of MSEC extension of WinDBG (!exploitable). Good if you have a bunch of crash reports and you need to analyze them thru in bulk. Original @ http://msecdbg.codeplex.com/discussions/56156
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @echo off | |
| setlocal ENABLEEXTENSIONS | |
| @REM get local Path of script | |
| for /F %%I in ("%0") do set localDir=%%~dpI | |
| @REM Check for MSEC.dll in current directory, and in script directory | |
| if not exist .\msec.dll ( | |
| if not exist %localDir%\msec.dll ( | |
| echo. | |
| echo MSEC.dll not in current directory, please copy MSEC.dll locally and | |
| echo rerun classify.bat. | |
| echo. | |
| goto error | |
| ) else ( | |
| set msecPath=%localdir%\msec.dll | |
| ) | |
| ) else ( | |
| set msecPath=.\msec.dll | |
| ) | |
| @REM Check that cdb.exe is in the path or local directory | |
| WHERE /Q cdb.exe | |
| IF ERRORLEVEL 1 ( | |
| echo. | |
| echo cdb.exe was not found in the local directory or path | |
| echo. | |
| goto error | |
| ) | |
| @REM Validate First Parameter | |
| if /i "%~1" EQU "" goto Usage | |
| if /i "%~1" EQU "/?" goto Usage | |
| if /i "%~1" EQU "-?" goto Usage | |
| if /i "%~1" EQU "/help" goto Usage | |
| if /i "%~1" EQU "-help" goto Usage | |
| if not exit "%~1" ( | |
| echo. | |
| echo "%~1" could not be found. | |
| echo. | |
| goto error | |
| ) | |
| @REM Validate second Parameter | |
| if /i "%~2" EQU "" goto Usage | |
| if exist "%~2" ( | |
| dir /a:d "%~2" > nul | |
| IF ERRORLEVEL 1 ( | |
| echo. | |
| echo "%~2" is a file, the second paremeter should be a directory | |
| echo. | |
| goto error | |
| ) | |
| ) | |
| @REM ERROR Checking Is Over | |
| set Hash= | |
| set Type= | |
| set Exploitability= | |
| set tempLog=.\ExploitableLog-%random%.Log | |
| cdb -z "%~1" -a%msecPath% -c ".symfix+; .reload; .logopen \"%tempLog%\";!exploitable -m;.logclose;q" | |
| for /f "tokens=1* delims=:" %%a in (%tempLog%) do ( | |
| for /f "tokens=1*" %%c in ("%%b") do ( | |
| if /i "%%a" EQU "MAJOR_HASH" set MajorHash=%%c | |
| if /i "%%a" EQU "MINOR_HASH" set MinorHash=%%c | |
| if /i "%%a" EQU "SHORT_DESCRIPTION" set Type=%%c | |
| if /i "%%a" EQU "CLASSIFICATION" set Exploitability=%%c | |
| ) | |
| ) | |
| set ResultDir=%~2\%CrashDir%\%Exploitability%\%type%\%MajorHash%\%MinorHash% | |
| md "%ResultDir%" | |
| copy /b /y "%~1" "%ResultDir%" | |
| copy /b /y %tempLog% "%ResultDir%" | |
| del /q %tempLog% | |
| goto end | |
| :usage | |
| Echo classify.bat ^ ^ | |
| echo. | |
| echo Classify.bat will place the specified dump and log into a directory structure as follows: | |
| echo. | |
| echo ^\^\^\^ | |
| echo. | |
| echo Examples: | |
| echo ^\EXPLOITABLE\WriteAV\0x6e05193a\0x7505193a | |
| echo ^\PROBABLY_EXPLOITABLE\TaintedDataControlsCodeFlow\0x6e05193a\0x7505193a | |
| echo ^\UNKNOWN\PossibleStackCorruption\0x6e05193a\0x7505193a | |
| echo. | |
| echo Classify.bat requires MSEC.dll to be in the current directory and cdb to be | |
| echo in the path. | |
| echo. | |
| echo To easily run classify.bat against a set of dumps try the following command: | |
| echo. | |
| echo for /R . ^%%a in (*.dmp) do classify.bat ^%%a C:\Crashes | |
| echo. | |
| goto error | |
| :error | |
| exit /b 1 | |
| :end | |
| exit /b 0 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment