Cyberiafreak

“Fortunate are those who take the first steps.” ― Paulo Coelho

Info regarding gflags to catch heap issues (WinDbg)

This post covers using gflags to catch hard-to-find heap corruption issues. The following two articles explain the steps.

http://web.lookout.net/2008/05/fuzzing-and-detecting-heap-corruption.html#!/2008/05/fuzzing-and-detecting-heap-corruption.html

http://blogs.msdn.com/b/webdav_101/archive/2010/06/22/detecting-heap-corruption-using-gflags-and-dumps.aspx

In steps:

1) Shut down or close “Winword.exe” or whichever target process we are trying to analyze.

2) Launch Appverifier and specify the following.

Set up gflags in the form: gflags [options] process name module name. Naming the module is preferred if you know which module is involved.

3) For example, if the “Spellcheck in Word” component is the suspect:

  gflags -p /enable winword.exe /full /dlls spellcheck.dll

or

4) If we have no clue what is causing the heap corruption, then track the whole process:

  gflags -p /enable winword.exe /full

5) Make sure to launch the target application under WinDbg.

6) Monitor all access violations caught in WinDbg.
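The steps above as one session, written as an added example that is not part of the original post: it refuses to run while the target is open, enables full page heap, lists what is enabled, starts the target under WinDbg, and always turns page heap off again afterwards, since the setting otherwise stays in effect for every later launch of the image. The parameter names and the target path are assumptions; gflags.exe and windbg.exe are assumed to be on PATH and the prompt elevated.

```powershell
# Added example: one page-heap debugging session for a single image.
# Assumptions: gflags.exe and windbg.exe (Debugging Tools for Windows) are on PATH,
# the prompt is elevated, and $TargetPath is a placeholder to adjust.
param(
    [string]$Image      = 'winword.exe',
    [string]$TargetPath = 'C:\Path\To\WINWORD.EXE',   # placeholder path
    [string]$Dll        = ''                          # e.g. 'spellcheck.dll' (step 3)
)

# Step 1: page heap is picked up at process start, so the target must be closed.
$name = [IO.Path]::GetFileNameWithoutExtension($Image)
if (Get-Process -Name $name -ErrorAction SilentlyContinue) {
    throw "$Image is still running; close it before enabling page heap."
}

# Steps 3/4: full page heap for the whole process, or scoped to one suspect DLL.
$gflagsArgs = @('-p', '/enable', $Image, '/full')
if ($Dll) { $gflagsArgs += @('/dlls', $Dll) }

try {
    & gflags.exe @gflagsArgs
    & gflags.exe -p          # lists the images that have page heap enabled

    # Steps 5/6: run the target under WinDbg; -g skips the initial breakpoint,
    # so the debugger first stops on the access violation page heap provokes.
    Start-Process -FilePath 'windbg.exe' -ArgumentList '-g', "`"$TargetPath`"" -Wait
}
finally {
    # Cleanup: without this, every later launch of the image runs with page heap.
    & gflags.exe -p /disable $Image
}
```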


October 4, 2012 - Posted by | windbg
