Dailydave mailing list archives
Re: [fuzzing] Coverage and a recent paper by L. Suto
From: Nicolas RUFF <nruff () security-labs org>
Date: Thu, 25 Oct 2007 13:02:12 +0200
Do any of you have experience with binary-level static analyzers or model checkers?
Most static analysis tools (apart from the upcoming Evarista maybe) are working on source code. FYI, we have our very own project hosted here: http://penjili.org/

Static analysis and model checking with the help of source code is still in an early stage of industrialization. During compilation, most type information is lost, thus rendering the analysis even more complex. I guess that's why there is no binary-level analyzer I am aware of.

Let's consider this seemingly simple sample:

------------------------------------
int main()
{
  char string[16];
  char rnd[100];
  int i;
  int j=0;

  for (i=0; i<100; i++)
    rnd[i] = 0; // this is the key

  for (i=0; i<32; i++) {
    string[j] = 'A';
    if (rnd[i]) j++;
  }
  return 0;
}
------------------------------------

Depending on rnd[] values (true or false), this program could overflow.

Using the free Fortify SCA 4 software that comes with the "static analysis" book, a buffer overflow condition is always detected (whatever rnd[] value).

Using Microsoft Visual Studio 2005 (Microsoft provided VHD) with "/analyze", no buffer overflow is detected (whatever rnd[] value).

Just to give you an idea of the existing state of the art...

Regards,
- Nicolas RUFF
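Added example, not part of the original message and not a model of either tool mentioned in it: a small interval analysis of j in the sample above, showing that the verdict for the write string[j] = 'A' depends on what the analyzer knows about rnd[]. The three-valued rnd_fact abstraction and all function names are assumptions made for this illustration.

```c
#include <stdio.h>

#define BUF_LEN 16   /* sizeof string[] in the sample */
#define ITERS   32   /* trip count of the second loop */

/* What the analyzer knows about each rnd[i] (assumed abstraction). */
typedef enum { RND_ZERO, RND_NONZERO, RND_UNKNOWN } rnd_fact;
/* Verdict for the write string[j] = 'A', ordered by severity. */
typedef enum { SAFE, POSSIBLE_OVERFLOW, DEFINITE_OVERFLOW } verdict;

/* Track j as an interval [lo, hi] across the loop; report the worst
 * verdict and the first iteration at which the write may go out of bounds. */
verdict analyze(const rnd_fact rnd[ITERS], int *first_bad_i)
{
    int lo = 0, hi = 0;                 /* j starts at 0 */
    verdict worst = SAFE;
    *first_bad_i = -1;

    for (int i = 0; i < ITERS; i++) {
        /* The write happens before j is updated, as in the sample. */
        verdict v = SAFE;
        if (lo >= BUF_LEN)      v = DEFINITE_OVERFLOW;  /* every path overflows */
        else if (hi >= BUF_LEN) v = POSSIBLE_OVERFLOW;  /* some path overflows  */
        if (v != SAFE && *first_bad_i < 0) *first_bad_i = i;
        if (v > worst) worst = v;

        /* Transfer function for: if (rnd[i]) j++; */
        if (rnd[i] == RND_NONZERO)      { lo++; hi++; }
        else if (rnd[i] == RND_UNKNOWN) { hi++; }
    }
    return worst;
}

/* Run the analysis with the same fact assumed for every rnd[i]. */
verdict analyze_uniform(rnd_fact f, int *first_bad_i)
{
    rnd_fact rnd[ITERS];
    for (int i = 0; i < ITERS; i++) rnd[i] = f;
    return analyze(rnd, first_bad_i);
}

int main(void)
{
    static const char *name[] = { "safe", "possible overflow", "definite overflow" };
    static const char *label[] = { "all zero", "all nonzero", "unknown" };
    for (int f = RND_ZERO; f <= RND_UNKNOWN; f++) {
        int at;
        verdict v = analyze_uniform((rnd_fact)f, &at);
        printf("rnd %-11s -> %s (first bad i=%d)\n", label[f], name[v], at);
    }
    return 0;
}
```

With rnd[] known to be all zero, as the sample is written, j never leaves [0, 0] and the write is safe; an analyzer that does not track rnd[] values can only conclude j is in [0, 31] and must either flag the write or stay silent for every input.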