rip1s / vmware_escape

VMware Escape Exploit before VMware WorkStation 12.5.5

questions from a beginner #3

Closed YoungC2015 closed 7 years ago

YoungC2015 commented 7 years ago

Hello, thank you for this post, which helps me a lot in learning software security. As a beginner, I have been thinking about how you can achieve the function symbols. I loaded it into WinDbg and IDA but did not find any symbols. Neither could I find any PDB files anywhere. So, I try to explain it in three different ways:

  1. You compiled VMware from source code, so that you can get symbols. (I viewed the source code offered by vmware.com, :( but it is all separate tgz files.)
  2. You found some symbol file somehow.
  3. There are indeed symbols in vmware.exe, I just didn't do it right.

Just some confusion when I try to analyze the processing of this PoC. I would appreciate it if someone could show me the way.

YoungC2015 commented 7 years ago

I figured out that it is all reverse work.