Gray Hat Hacking: The Ethical Hacker's Handbook
Chapter 12: Passive Analysis

Such tools are far more specialized than source code auditing tools. For example, C source code can be automatically scanned no matter what target architecture the code is ultimately compiled for, whereas binary auditing tools need a separate module for each executable file format they are capable of interpreting, as well as a separate module for each machine language they can recognize. Additionally, the high-level language used to write the application and the compiler used to compile it can each influence what the compiled code looks like. Compiled C/C++ source code looks very different from compiled Delphi or Java code. The same source code compiled with two different compilers may possess many similarities but will also possess many differences.

[Figure 12-10: Example BinNavi display]

The major challenge for such products centers on the ability to accurately characterize behavior that leads to an exploitable condition. Examples of such behaviors include access outside of allocated memory (whether in the stack or the heap), use of uninitialized variables, or passing user input directly to dangerous functions.
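As an added illustration of the two points above (one interpretation module per machine language, and a call to a dangerous function as one behavior class the tool must characterize), here is a toy auditing pass; it is not code from the book or from any real binary auditing tool. The objdump-style disassembly lines, the architecture names and the DANGEROUS list are constructed for the example, and a hit is only a candidate for review, not a verdict on exploitability.

```python
"""Toy binary-auditing pass (added example, not from the book).

Each architecture "module" knows only how its own machine language spells
a call; the shared analysis then asks whether the call target is a libc
function that takes attacker-controlled input without a length bound.
"""
import re

# Functions a binary auditor would treat as "user input passed directly
# to a dangerous function" candidates (constructed list for the example).
DANGEROUS = {"strcpy", "gets", "sprintf", "strcat"}

# One pattern per machine language: x86 disassembly spells a call as
# `call <addr> <symbol@plt>`, ARM as `bl <addr> <symbol@plt>`.
# Group 1 captures the symbolic call target.
ARCH_MODULES = {
    "x86-64": re.compile(r"\bcall\s+[0-9a-f]+\s+<(\w+)(?:@plt)?>"),
    "arm":    re.compile(r"\bbl\s+[0-9a-f]+\s+<(\w+)(?:@plt)?>"),
}


def find_dangerous_calls(arch, disassembly):
    """Return [(address, function)] for every call into DANGEROUS.

    An architecture without a module cannot be audited at all, which is
    the per-machine-language limitation the text describes.
    """
    if arch not in ARCH_MODULES:
        raise ValueError("no disassembly module for architecture %r" % arch)
    pattern = ARCH_MODULES[arch]
    hits = []
    for line in disassembly.splitlines():
        m = pattern.search(line)
        if m and m.group(1) in DANGEROUS:
            addr = line.strip().split(":", 1)[0]   # "401136: e8 ..." -> "401136"
            hits.append((addr, m.group(1)))
    return hits


# Constructed objdump-style listings (not real tool output).
X86_SAMPLE = """\
  401126: 48 89 e5             mov    %rsp,%rbp
  401136: e8 f5 fe ff ff       call   401030 <strcpy@plt>
  40113b: e8 f0 fe ff ff       call   401040 <puts@plt>
"""
ARM_SAMPLE = """\
  10438: e92d4800   push  {fp, lr}
  10440: ebffffa6   bl    102e0 <gets@plt>
  10444: ebffffb0   bl    10310 <printf@plt>
"""

if __name__ == "__main__":
    print(find_dangerous_calls("x86-64", X86_SAMPLE))  # [('401136', 'strcpy')]
    print(find_dangerous_calls("arm", ARM_SAMPLE))     # [('10440', 'gets')]
```

Running the ARM module over the x86 listing returns nothing, which is the point: without a module for the machine language in front of it, the tool sees no calls at all.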