Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Automated generation of object-graph and call-tree documentation #11

Open
frohoff opened this issue Feb 24, 2016 · 0 comments
Open

Automated generation of object-graph and call-tree documentation #11

frohoff opened this issue Feb 24, 2016 · 0 comments
Labels
enhancement

Comments

@frohoff
Copy link
Owner

frohoff commented Feb 24, 2016

To facilitate easier studying of these types of vulnerabilities the tool scaffolding should be able to instrument itself to generate ASCII diagrams of payload object-graphs (similar to this) and deserialization code execution call-trees (similar to this) to understand the mechanics of each gadget chain better. Simply providing a list of gadget classes could be useful, and a more sophisticated implementation could embed and/or link to code/methods executed during deserialization.

Optionally allow such documentation to be printed to the console as verbose-mode help text when using the CLI interface.

PrintUtil from #16 is probably a good start for object graph inspection

Instrumentation stuff:
@frohoff frohoff changed the title automated generation of object-graph and call-tree documentation Automated generation of object-graph and call-tree documentation Mar 4, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@frohoff