AVM Inception: How We Can Use AVM Instrumenting in a Beneficial Way


Presented at ShmooCon 2012 by

Binary instrumentation has traditionally been an area for native code examination, but the same technique can also be applied to bytecode that runs on a virtual machine. We are surrounded by many types of virtual machines these days. One of them is AVM, and the truth is that AVM has been one of the largest targets for exploitation over the last few years; it has been prone to multiple vulnerabilities, including CVE-2011-0611 and CVE-2011-0609. Because each issue spans both the bytecode and the native world, analyzing such a vulnerability can take far longer than analyzing a more traditional one. We developed bytecode instrumentation (in this case, AVM bytecode instrumentation) to solve this challenging problem. What analysts see in crash dumps or debug traces is the dynamically generated code. Even though it is not impossible to debug the problem by tracing this dynamically generated JIT code, it would be much quicker if we knew what was really happening at the bytecode level.