Dailydave mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Immunity Debugger on eWeek

From: Dave Aitel <dave () immunityinc com>
Date: Tue, 14 Aug 2007 14:55:15 -0400
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Is the ISC site down because they got owned or just because they rm'd
something by mistake? How are we going to find out who's a CISSP now?!?

More stuff inline...

Julien Vanegue wrote:

Dave Aitel wrote:

If I had a quarter for every time someone said to me they were
going to reverse a binary into an intermediate language and do
slicing on it to find all the bugs, I'd ... well, I'd be able to
buy some ice cream at least.


I guess your point is not to state that these techniques are not
working, since many tools in the academic world are already doing
this on source code. Maybe thats why people talk about it ?
Binary-level tools that include program transformation facilities
also start to appear even if there is no commercial environment
(afaik) providing it.

I'm sure that almost any static analysis will find SOME bugs. My
opinion is that static analysis is not a game changing event, and
never will be.

In the source code world you have Microsoft's Prefix/Prefast and
Fortify (comes free with the Static Analysis book!) and their
competitors. These are all quite well engineered and have strong
academic credentials, but none of them work. But I have yet to run the
ERESI stuff! So perhaps I will change my entire opinion next week when
I get a chance to do so. :>
 


http://www.immunityinc.com/images/immdbg-stackvars.png



Is this script bringing a real innovation, or is it just a
presentation of the well-known feature of local variables
recognition with some additional warning messages ?


This is a quicky 2-day demo script. Also included as "automatic
analysis" is a simple strncpy(dest, src, strlen(src)); bug finder.
Mostly API documentation in script form.

- -dave
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGwfqRB8JNm+PA+iURAkcDAJsHxBiF6wgY5WVdFRGleKqPWtXMlACgmixC
22QH3+EaKPYjmDTo3cOEx9k=
=z7la
-----END PGP SIGNATURE-----

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
Previous By Date Next
Previous By Thread Next

Current thread: