Hacker News | citronneur's comments

ttddbg 1.1.0 is out with a new tracing feature! Based on the #IDA database, arguments and return values are pretty-printed!


Impressive work! It allows you to knock on ports 80 and 443 without drivers!


Indeed, nice work!!


I made a little fix, if you want to retry.


Thanks! This happens to work for me, but the root of the problem is the same: there's no guarantee that the handle will still be in that register when the function returns; my compiler just happens to not be clobbering that register.

Anyway, this is probably good enough as a bpf demonstration and it definitely has made its impact looking at other comments here. That's probably all that matters.


Lateral movement, for example.


You also have https://github.com/pathtofile/bad-bpf or https://github.com/Gui774ume/ebpfkit, which are good references too.


You need a uretprobe but also need to read an arg by ref, so no, I don't think so... But thanks for the tip.


Thanks, I will check that!


Thanks!


Thanks!


Yes, we also use it for https://github.com/airbus-cert/dirtypipe-ebpf_detection, which is a dirtypipe detection program!

