- Language: Python 3.7.2
- Module: FRIDA (Python library for hooking)
- Target
- VMware Workstation 15
- Running tool on host environment
- Description
- In VMware, host and guest communicate using RPC.
- This tool (rpc-sniffer.py) was made for easy viewing of the data exchanged in that communication.
- The core of the tool is to output the corresponding argument by hooking a specific function of the target process.
- Logic
- Analyze the vmware-vmx.exe binary to check the offset of the execRPCFunc.
- Using Frida, attach to the target process and get the base address.
- Hook at the location of the execRPCFunc (base_address + offset).
- Output the argument values passed to the function.
- Result
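
The Logic steps above, as an added example (not the rpc-sniffer.py source): a Frida agent is generated for base address + offset and every call's raw arguments are printed. `EXEC_RPC_OFFSET` is a placeholder you fill in from your own analysis, and `NUM_ARGS` plus the message layout are assumptions of this sketch.

```python
import json
import sys

TARGET = "vmware-vmx.exe"   # process/module name from the page
EXEC_RPC_OFFSET = 0x0       # PLACEHOLDER: execRPCFunc offset for your build
NUM_ARGS = 4                # ASSUMPTION: number of raw arguments to print

def build_agent(module, offset, num_args):
    """Return the JavaScript agent that hooks <module base> + offset."""
    if offset <= 0:
        raise ValueError("set the execRPCFunc offset for your vmware-vmx.exe")
    if not 1 <= num_args <= 8:
        raise ValueError("num_args must be between 1 and 8")
    return """
const base = Process.getModuleByName(%(module)s).base;
const target = base.add(ptr(%(offset)s));
send({event: "hooked", base: base.toString(), target: target.toString()});
Interceptor.attach(target, {
  onEnter(args) {
    const values = [];
    for (let i = 0; i < %(num_args)d; i++) { values.push(args[i].toString()); }
    send({event: "call", args: values});
  }
});
""" % {"module": json.dumps(module), "offset": json.dumps(hex(offset)),
       "num_args": num_args}

def format_message(message):
    """Turn one Frida message dict into a printable line."""
    if message.get("type") == "error":
        return "[agent error] " + message.get("description", "unknown")
    payload = message.get("payload") or {}
    if payload.get("event") == "hooked":
        return "[+] base=%s hook=%s" % (payload["base"], payload["target"])
    if payload.get("event") == "call":
        return "[rpc] " + " ".join(
            "arg%d=%s" % (i, v) for i, v in enumerate(payload["args"]))
    return "[?] %r" % (payload,)

def main():
    import frida  # imported here so the helpers above work without Frida
    session = frida.attach(TARGET)
    script = session.create_script(
        build_agent(TARGET, EXEC_RPC_OFFSET, NUM_ARGS))
    script.on("message", lambda message, data: print(format_message(message)))
    script.load()
    sys.stdin.read()  # keep the hook alive until EOF or Ctrl+C
    session.detach()

if __name__ == "__main__":
    main()
```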
- Language: Python 2.7.17
- Module: keystone (asm tools), ctypes
- Target
- VMware Workstation 15
- Running tool on guest environment
- Concept
- Randomly generates various commands (CommandList).
- Requests the created chunks in random order.
- Result