How to taint API?
51 views
Skip to first unread message
Congcong
May 2, 2012, 4:40:43 AM5/2/12
to BitBlaze User Discussion group
I want to use temu to trace the behavior of a Trojan.
When the trojan is started,it can release some files and then delete
itself.Therefore,I want to obtain the trace by tainting some API which
the trojan called.
So...I want to know,how to taint the API?
for example:
If I input "taint_nic 1", the Taint origins will be
TAINT_SOURCE_NIC_IN.
I input ???,or How should I do?the Taint origins will be
TAINT_SOURCE_API_TIME_IN,TAINT_SOURCE_HOOKAPI,and so on.
When the trojan is started,it can release some files and then delete
itself.Therefore,I want to obtain the trace by tainting some API which
the trojan called.
So...I want to know,how to taint the API?
for example:
If I input "taint_nic 1", the Taint origins will be
TAINT_SOURCE_NIC_IN.
I input ???,or How should I do?the Taint origins will be
TAINT_SOURCE_API_TIME_IN,TAINT_SOURCE_HOOKAPI,and so on.
Reply all
Reply to author
Forward
0 new messages