|
|
| Applications |
| Mailing Lists |
| Miscellaneous |
| Operating Systems |
| Programming |
Re: Analyze binary for holes
Date: Mon Aug 11 2003 - 18:09:40 EDT
Peter Bondra wrote:
>
> Hello
> I am interested in how you may go about analyzing a binary file to
> determine potential format string or buffer overflow holes.
>
> The platforms I am testing are: SunOs Solaris 2.7/8/9(SPARC) and Windows
> NT/2000/XP.
You may want to take a look at http://sourceforge.net/projects/bugscam. I never tried it, but I know its main developer, Mr. Halvar Flake. He's very well known and respected when it comes to reverse engeneering. Anyway, remember, always remeber, that any tool is only good in the hands of somebody who can use it... I mean, no tool will find all the bugs, tools will only, hopefully, make auditor's life easier... unless you are only intereseted in finding some bugs, and not all.
Oh, uhm... you will need IDApro (http://www.datarescue.com), but if you are going to analyze binary files you'll need it anyway.
gera
PS: from
BugScam Readme
This is the preliminary readme file for BugScam. BugScam is a collection of scripts for the commercial debugger IDA Pro (http://www.datarescue.com) that will scan a given binary for problematic uses of certain library functions (e.g. strcpy etc) and generate a nice output file (HTML so far, LaTeX soon). It's release was inspired by the fact that I had libaudit.idc (the "core" engine) lying on my harddisk since early 2001, and never thought someone would bother with something this simple -- but now in 2003 one can find commercial products with almost identical functionality on the Web, and as such I decided to release this as OpenSource. Received on Mon Aug 11 18:11:48 2003
This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:40 EDT
|
Contact Us Legal Notices Order Services Online Pantek Home Privacy Policy IT news Site Map Pantek Library |