VxWorks Debugging with BT5r3

I had to make a few modifications to the code referenced here in order to get it running in Backtrack 5 r3.

Download and extract the tarball

1. Download the tarball, extract to an easy to locate directory (e.g., /pentest/forensics/vxworks/).
2. Navigate to the directory and extract the files (‘tar zxvf filename.tar.gz’)

In the vxworks_mem_search.rb file, make sure the that you put the entire location to the vxworks_collide file in line 4, e.g.,

• require ‘/dir/dir/…/vxworks_collide’

To help with encoding issues, place the following at the beginning of the file

• # encoding: UTF-8

And then at the line where the file is reading the memory_data (“memory_data = File.read(input_file)”) add the following right after the closing parenthesis:

• .force_encoding(“ISO-8859-1”).encode(“utf-8”, replace: nil)

Save the file.

Run the file with the following command:

• ruby vmworks_mem_search.rb lookup.txt dump.mem (where dump.mem is the memory dumped using the corresponding metasploit exploit module)