Hey vulnerability-researcher,
Here are some tips for documenting the reversing work you are doing.
version 1 Jan 19, 2016.
version 2 Feb 23, 2016.
- document the OS:
systeminfo | findstr /B /C:"OS Name" /C:"OS Version" /C:"System Type"
- alternate way to document the OS (via reg query):
REG QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v ProductName
REG QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v EditionID
REG QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v CSDVersion
REG QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v BuildLabEx
REG QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v CurrentVersion
REG QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v CurrentBuild
REG QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v CurrentBuildNumber
- get a list of installed security updates via powershell:
run powershell as admin, type:
get-hotfix | find "Security Update"
reference: http://stackoverflow.com/questions/815340/how-do-i-get-a-list-of-installed-updates-and-hotfixes
- get a list of installed security updates (alternate via cmd.exe):
wmic qfe list full
- IE versions via reg query:
REG QUERY "HKLM\Software\Microsoft\Internet Explorer" /v Version
REG QUERY "HKLM\Software\Microsoft\Internet Explorer" /v svcUpdateVersion
REG QUERY "HKLM\Software\Microsoft\Internet Explorer" /v svcVersion
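As an added example (not part of the original notes), the PowerShell script below collects the same facts the commands above gather one by one (the Windows NT\CurrentVersion values, the Internet Explorer values, and the security updates from Get-HotFix) into a single time-stamped text file, so the baseline lands next to your windbg log. It assumes Windows PowerShell run from an elevated prompt as the notes suggest; the output directory is a placeholder to change.

```powershell
# Added example: write OS build, IE version and installed security updates
# to one time-stamped report file. Registry keys and value names are the
# ones quoted in the notes; C:\directory_name is a placeholder path.
$ReportDir  = 'C:\directory_name'
$Stamp      = Get-Date -Format 'yyyyMMdd_HHmmss'
$ReportPath = Join-Path $ReportDir "environment_$Stamp.txt"
New-Item -ItemType Directory -Path $ReportDir -Force | Out-Null

$NtKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$IeKey = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer'
$NtValues = 'ProductName','EditionID','CSDVersion','BuildLabEx',
            'CurrentVersion','CurrentBuild','CurrentBuildNumber'
$IeValues = 'Version','svcUpdateVersion','svcVersion'

# Read the named values from one key; a value that is absent on this build
# (e.g. CSDVersion on builds without a service pack) is recorded explicitly
# rather than silently skipped, so the report shows what was checked.
function Read-RegValues {
    param([string]$Key, [string[]]$Names)
    $props = Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue
    foreach ($n in $Names) {
        $v = if ($props -and $props.PSObject.Properties[$n]) { $props.$n }
             else { '<not present>' }
        '{0,-20} {1}' -f $n, $v
    }
}

$Report = @(
    "=== Environment report generated $Stamp on $env:COMPUTERNAME ==="
    '--- OS (HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion) ---'
    Read-RegValues -Key $NtKey -Names $NtValues
    ''
    '--- Internet Explorer (HKLM\SOFTWARE\Microsoft\Internet Explorer) ---'
    Read-RegValues -Key $IeKey -Names $IeValues
    ''
    '--- Installed security updates (Get-HotFix) ---'
    # Same filter as the notes' find "Security Update", applied to the
    # Description property instead of to formatted text.
    Get-HotFix | Where-Object { $_.Description -like '*Security Update*' } |
        Sort-Object InstalledOn |
        Format-Table HotFixID, Description, InstalledOn -AutoSize | Out-String
)

$Report | Out-File -FilePath $ReportPath -Encoding utf8
Write-Host "Report written to $ReportPath"
```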
Are you using windbg for debugging and looking for ways to document your windbg debugging sessions?
Before hitting the 'g' command after attaching the process to windbg:
- open a logfile where all your commands and their outputs will get stored:
.logopen /t C:\directory_name\target.txt
(the above command adds a time-stamp to your log file name, so the logfiles will not get overwritten.)
- document the OS:
vertarget
- document the application you are debugging (process status):
|
- document the state of gflags:
!gflag
- document the symbol paths:
.sympath
- after triggering the vulnerability (crashing), consider executing:
!analyze -v
- after you are done debugging, don't forget to close the logfile:
.logclose
To document the version of IE you are debugging from within windbg:
.shell -ci "*" REG QUERY "HKLM\Software\Microsoft\Internet Explorer" /v Version
.shell -ci "*" REG QUERY "HKLM\Software\Microsoft\Internet Explorer" /v svcUpdateVersion
.shell -ci "*" REG QUERY "HKLM\Software\Microsoft\Internet Explorer" /v svcVersion
@v1m