Dailydave mailing list archives
quick poll on bug finding techniques.
From: "wirepair" <wirepair () roguemail net>
Date: Wed, 19 Jan 2005 19:04:37 -0800
lo all,

So I'm rather curious on how most people find their remote memory based bugs (overflows and so on). Do you start out doing binary analysis? Tracing execution from recv on? Do you scan for known bad functions? strcpy/strcat and other lame bugs? Set break points and go from there? Do you spray and pray with SPIKE? A mix of all? Do you change tactics if it's in C or C++? Set break points on your string (if it is one) and just record all the times that it is referenced by the code?

Personally I do the following (and please point out if my steps suck or I'm wasting time, I just do this because well, that's how I taught myself to do it).

1. SPIKE, hell why waste time analyzing if you can own it quickly.
2. bps on dumb functions, might get lucky
3. bp on my sent data, record where it comes in, where it gets copied to, how it's referenced. I feel this may miss stuff but I just use it to use my time effectively.
4. hardcore binary analysis, from recv on

I'm starting off with just doing binary analysis for fun, seeing if it ultimately saves time and just to learn and try to really figure out what's going on. I must say this process is horribly slow and was wondering if anyone has any neat tricks for speeding up the process. Or is it even a process one can speed up?

Thoughts appreciated, and would like to get some good conversations going :).

-wire

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave
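Step 2 of the poll above, "scan for known bad functions", is the one part of the process that is cheap to automate when source is available. The script below is an added example written for this archive page, not code from wirepair or from anyone on the list: it walks C source line by line, strips single-line comments so that a mention of strcpy in a comment is not reported, flags calls to a short table of unbounded or easy-to-misuse string functions, and ranks the findings by severity with the bounded replacement a reviewer would ask for. The sample C source, the severity labels and the function table are constructed for the example.

```python
import re
from collections import namedtuple

Finding = namedtuple("Finding", "line func severity advice")

# Functions a source review flags first, the reason, and the bounded alternative.
# The table is a constructed starting point, not an exhaustive list.
UNSAFE_CALLS = {
    "gets":    ("high",   "no bound at all; replace with fgets(buf, sizeof buf, stdin)"),
    "strcpy":  ("high",   "unbounded copy; use snprintf or strlcpy with the destination size"),
    "strcat":  ("high",   "unbounded append; use snprintf or strlcat with the destination size"),
    "sprintf": ("high",   "unbounded format; use snprintf with the destination size"),
    "strncpy": ("medium", "bounded but does not NUL-terminate on truncation; terminate explicitly"),
    "memcpy":  ("low",    "check that the length argument comes from the destination size"),
}

# \b keeps snprintf from matching sprintf and strncpy from matching strcpy;
# the trailing \( requires an actual call, not a mention in an identifier.
_CALL_RE = re.compile(r"\b(" + "|".join(UNSAFE_CALLS) + r")\s*\(")
_SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


def _strip_comments(line: str) -> str:
    # Remove complete /* ... */ comments and everything after // on this line.
    # Limitation: a block comment spanning several lines is not tracked.
    line = re.sub(r"/\*.*?\*/", "", line)
    return line.split("//", 1)[0]


def scan_c_source(src: str) -> list:
    """Return Findings for every unsafe call in src, highest severity first."""
    findings = []
    for lineno, raw in enumerate(src.splitlines(), start=1):
        code = _strip_comments(raw)
        for match in _CALL_RE.finditer(code):
            func = match.group(1)
            severity, advice = UNSAFE_CALLS[func]
            findings.append(Finding(lineno, func, severity, advice))
    return sorted(findings, key=lambda f: (_SEVERITY_ORDER[f.severity], f.line))


# Constructed sample C source: exercises one flagged call per pattern plus
# two cases that must NOT be reported (a bounded call and a comment mention).
SAMPLE_C = "\n".join([
    '#include <string.h>',                                           # 1
    '#include <stdio.h>',                                            # 2
    '',                                                              # 3
    'void handle(const char *in) {',                                 # 4
    '    char buf[64];',                                             # 5
    '    strcpy(buf, in);            /* unbounded copy */',          # 6
    '    strcat(buf, "\\n");          // unbounded append',          # 7
    '    sprintf(buf, "%s", in);',                                   # 8
    '    snprintf(buf, sizeof buf, "%s", in);  /* bounded: not flagged */',  # 9
    '    gets(buf);',                                                # 10
    '    strncpy(buf, in, sizeof buf); // may drop the terminator',  # 11
    '    /* strcpy mentioned only in a comment: not flagged */',     # 12
    '}',                                                             # 13
])


if __name__ == "__main__":
    for f in scan_c_source(SAMPLE_C):
        print(f"line {f.line:>3}  {f.severity:<6}  {f.func}(): {f.advice}")
```

Run it as a file to see the ranked report for the sample, or import scan_c_source and feed it real source. The scanner is deliberately lexical: it tells a reviewer where to set the breakpoints from step 3, it does not decide whether a given call is actually reachable with attacker-controlled length, which is the part that still needs the tracing the post describes.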
Current thread:
- quick poll on bug finding techniques. wirepair (Jan 20)