[insight-vmi] r2003 committed - Updated output and tested a bit. Seems to be a good start.


insig...@googlecode.com

Jul 12, 2013, 10:13:37 AM
to insight-v...@googlegroups.com
Revision: 2003
Author: vo...@in.tum.de
Date: Fri Jul 12 07:13:15 2013
Log: Updated output and tested a bit. Seems to be a good start.

http://code.google.com/p/insight-vmi/source/detail?r=2003

Modified:
/trunk/libinsight/detect.cpp

=======================================
--- /trunk/libinsight/detect.cpp Fri Jul 12 05:57:46 2013
+++ /trunk/libinsight/detect.cpp Fri Jul 12 07:13:15 2013
@@ -314,7 +314,7 @@
<< "\t Detected " << Console::color(ctError) << changedDataPages
<< Console::color(ctReset)
<< " modified executable DATA pages." << endl
<< "\t Detected " << Console::color(ctError) << changedPages <<
Console::color(ctReset)
- << " modified CODE pages." << endl;
+ << " modified CODE pages.\n" << endl;

// Exchange
delete(ExecutablePages);
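
Review bot: In the changed summary line, `<< " modified CODE pages.\n" << endl;` gets its blank separator by embedding "\n" in the message literal and then streaming endl as well, which mixes two newline styles in one statement and alters the literal that anyone matching on this output would search for. If the aim is a blank line after the summary, `<< " modified CODE pages." << endl << endl;` leaves the message text unchanged and makes the extra line explicit.
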
@@ -495,6 +495,19 @@
return;
}
}
+
+ Console::out()
+ << Console::color(ctWarningLight)
+ << "WARNING:" << Console::color(ctReset)
+ << " Detected malicious function pointer '"
+ << funcPointer.fullName() << "' @ "
+ << Console::color(ctAddress) << "0x"
+ << hex << funcPointer.address() << dec
+ << Console::color(ctReset) << " pointing to "
+ << Console::color(ctAddress) << "0x"
+ << hex << pointsTo << dec
+ << Console::color(ctReset)
+ << endl;

stats.malicious++;
}
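
Review bot: The warning block added before `stats.malicious++;` is labelled "WARNING:" in ctWarningLight while its text and the counter both call the pointer malicious, and the page summary in the earlier hunk prints its detections in ctError; the severity shown on the console should match the verdict that is counted. As far as these lines show, the block is reached whenever none of the preceding checks hit their `return;`, and the message carries only `funcPointer.fullName()`, `funcPointer.address()` and `pointsTo`, so an analyst reading it cannot tell why the pointer was flagged. Consider adding the reason (which check the target failed) to the message, and a short comment above the block stating the condition under which it is reached.
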