Dailydave mailing list archives
Re: Immunity Debugger on eWeek
From: Dave Aitel <dave () immunityinc com>
Date: Tue, 14 Aug 2007 14:55:15 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Is the ISC site down because they got owned or just because they rm'd something by mistake? How are we going to find out who's a CISSP now?!? More stuff inline... Julien Vanegue wrote:
Dave Aitel wrote: If I had a quarter for every time someone said to me they were going to reverse a binary into an intermediate language and do slicing on it to find all the bugs, I'd ... well, I'd be able to buy some ice cream at least.I guess your point is not to state that these techniques are not working, since many tools in the academic world are already doing this on source code. Maybe thats why people talk about it ? Binary-level tools that include program transformation facilities also start to appear even if there is no commercial environment (afaik) providing it.
I'm sure that almost any static analysis will find SOME bugs. My opinion is that static analysis is not a game changing event, and never will be. In the source code world you have Microsoft's Prefix/Prefast and Fortify (comes free with the Static Analysis book!) and their competitors. These are all quite well engineered and have strong academic credentials, but none of them work. But I have yet to run the ERESI stuff! So perhaps I will change my entire opinion next week when I get a chance to do so. :>
http://www.immunityinc.com/images/immdbg-stackvars.pngIs this script bringing a real innovation, or is it just a presentation of the well-known feature of local variables recognition with some additional warning messages ?
This is a quicky 2-day demo script. Also included as "automatic analysis" is a simple strncpy(dest, src, strlen(src)); bug finder. Mostly API documentation in script form. - -dave -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGwfqRB8JNm+PA+iURAkcDAJsHxBiF6wgY5WVdFRGleKqPWtXMlACgmixC 22QH3+EaKPYjmDTo3cOEx9k= =z7la -----END PGP SIGNATURE----- _______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
Current thread:
- Immunity Debugger on eWeek Julien Vanegue (Aug 13)
- Re: Immunity Debugger on eWeek Dave Aitel (Aug 14)
- Re: Immunity Debugger on eWeek Julien Vanegue (Aug 15)
- Re: Immunity Debugger on eWeek Dave Aitel (Aug 14)