An MSEC Debugger extension

Apr 2, 2009 12:14 GMT

Microsoft has made available for download a free and open-source crash analyzer tool. Hosted on CodePlex, the company's repository for open-source projects, the solution is offered under the Microsoft Public License (Ms-PL), with the source code also available for download there. Pronounced “bang exploitable,” as the Redmond company has put it, the !exploitable Crash Analyzer is designed as an extension of the MSEC Debugger. The software giant uses the tool to automate the analysis of software crashes.

“The tool performs two functions: it groups similar crashes together in order to cut down on looking at duplicates; and it assigns an exploitability classification of ‘Exploitable,’ ‘Probably Exploitable,’ ‘Probably Not Exploitable,’ or ‘Unknown.’ This tool runs as an extension within the Windows Debugger (WinDbg.exe), called MSEC.dll. To run the tool while in the debugger, just type !exploitable,” revealed Jason Shirk of the Microsoft Security Engineering Center.

The !exploitable Crash Analyzer was launched at CanSecWest in Vancouver in March 2009 by Microsoft's Dave Weinstein and Jason Shirk, who presented the “Automated Real-time and Post Mortem Security Crash Analysis and Categorization” session. Developed as a Windows debugging extension (WinDbg), the Crash Analyzer not only performs automated crash analysis but also allows security experts to access a security risk assessment for the debugged software.

Bucketizing is a “technique used within Microsoft for triaging and categorizing crashes. By ‘Bucketizing’ the crashes, developers and testers can quickly see how many actual crashes they are dealing with, and understand any security implications each crash may have,” Shirk added.

MSEC.dll BETA v1.0.1.0 Source and Bins x86 x64, the source code for the Crash Analyzer, has been available for download since March 20, 2009, as a Beta release. The Microsoft Security Engineering Center (MSEC) Security Science Team is credited with the creation of the extension.