eEye Duster – Dead/Uninitialized Stack Eraser


Duster is the Dead/Uninitialized Stack Eraser, an injectable DLL that causes uninitialized stack and heap memory in its host process to be wiped over with a specific value. It is intended as a crude tool to assist in the run-time discovery of uninitialized memory usage problems by increasing the chances that the host process will raise an exception when a value in uninitialized memory is used. To use Duster, just inject it into the target process (using the DLLInject utility), or add it to AppInit_DLLs (possible but not recommended).

Duster is a quick and dirty implementation of its concept, and as such, it has a number of limitations:

Stack wiping is accomplished by overwriting all memory between the stack commit “ceiling” and ESP, whenever RtlAllocateHeap, RtlReAllocateHeap, or RtlFreeHeap is called, an exception occurs, or a system call is dispatched, which seriously limits the execution flow “granularity” with which stack wiping occurs. Additionally, system call dispatch hooking is accomplished by replacing specific “INT 2Eh” or “MOV EDX, 7FFE0300h” instructions, the first of which currently relies upon a two-byte privileged instruction which is handled specially by the exception handler hook, resulting in some overhead but mostly making it difficult to use a debugger in conjunction with Duster on Windows 2000.

Heap wiping, in addition to a limited amount of heap and argument validation, is performed whenever a heap block is allocated or freed. This is roughly a subset of the functionality provided by the Windows heap manager in debug mode, with the most significant deficiency on Duster’s part being that it does not wipe memory following a call to RtlReAllocateHeap.

You can download here:

Duster

Posted in: Hacking Tools, Security Software

, ,


Latest Posts:


GKE Auditor - Detect Google Kubernetes Engine Misconfigurations GKE Auditor – Detect Google Kubernetes Engine Misconfigurations
GKE Auditor is a Java-based tool to detect Google Kubernetes Engine misconfigurations, it aims to help security & dev teams streamline the configuration process
zANTI - Android Wireless Hacking Tool Free Download zANTI – Android Wireless Hacking Tool Free Download
zANTI is an Android Wireless Hacking Tool that functions as a mobile penetration testing toolkit that lets you assess the risk level of a network using mobile.
HELK - Open Source Threat Hunting Platform HELK – Open Source Threat Hunting Platform
The Hunting ELK or simply the HELK is an Open-Source Threat Hunting Platform with advanced analytics capabilities such as SQL declarative language, graphing etc
trape - OSINT Analysis Tool For People Tracking Trape – OSINT Analysis Tool For People Tracking
Trape is an OSINT analysis tool, which allows people to track and execute intelligent social engineering attacks in real-time.
Fuzzilli - JavaScript Engine Fuzzing Library Fuzzilli – JavaScript Engine Fuzzing Library
Fuzzilii is a JavaScript engine fuzzing library, it's a coverage-guided fuzzer for dynamic language interpreters based on a custom intermediate language.
OWASP APICheck - HTTP API DevSecOps Toolset OWASP APICheck – HTTP API DevSecOps Toolset
APICheck is an HTTP API DevSecOps toolset, it integrates existing tools, creates execution chains easily and is designed for integration with 3rd parties.


Comments are closed.