[Dailydave] VPC
Thierry Zoller
Thierry at Zoller.lu
Fri Feb 22 05:12:08 EST 2008
Dear Dave,
DA> There's another one called CWSandbox that has a free web form you can
DA> send exe's to. (They hook a bunch of things but I think you can escape
DA> the hooking by calling system calls directly?)
CWSandbox [1] uses VMware (afaik)
cws_[pid]_mutex
cws_[pid]_event_data
cws_[pid]_event_result
cws_[pid]_mapping
290 hooked APIs
10 hooked methods
[1] http://pferrie.tripod.com/papers/attacks2.ppt
--
http://secdev.zoller.lu
Thierry Zoller