A served-based tool with web interface providing basic exploit analysis.

Core system is in C++ while the web interface is designed in Django framework. Code emulation is provided by libemu library available here: http://libemu.carnivore.it/ Tool is being designed and implemented as a BSc Thesis.

• system API called by GetProcAddress
• DLLs loaded through LoadLibraryA
• check for getPC (resulting in shellcode offset in file)
• loops detection (start, vertexes, iterations)
• search for similar code snippets among all samples
• graphs comparison (with hash)

• support for BIN files (plain x86 machine code)
• support for PCAP files

• generation of the execution graph
• console output
• database output

Grouping decides how samples should be grouped by comparing their loop hashes and computing their resemblence rate.

• Django web interface
• PostgreSQL database for results
• Server-side program in C++ for analysis
• Shared library of the program above to allow incorporating it into other projects