To accomplish any of these tasks, an automated tool must be able to accurately compute the ranges of values taken on by index variables and pointers, follow the flow of user-input values as they are used within the program, and track the initialization of all variables referenced by the program. Finally, to be truly effective, automated vulnerability discovery tools must be able to perform each of these tasks reliably while dealing with the many different algorithmic implementations used by both programmers and their compilers. Suffice it to say there have not been many entries into this holy grail of markets, and of those, most have been priced out of the average user's hands.
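The three tasks just listed (value-range computation for index variables, following the flow of user input, and initialization tracking) can be shown together on a deliberately tiny scale. The following is an added illustration, not code from BugScam, Chevarista, BinDiff or any other tool the chapter discusses; the three-address IR, the `analyze` function, the `SAMPLE` program and the `BUFFERS` table are all constructed for this example. It runs a single forward pass over a straight-line program and reports an index that is both unbounded and attacker-controlled, accepts a masked index whose range provably fits the buffer, and flags a read of a variable that was never assigned.

```python
"""Toy straight-line dataflow analysis for three tasks an automated
vulnerability-discovery tool must perform: value-range computation for
index variables, taint tracking of user input, and initialization tracking.
Added example (hypothetical IR and sample program), not any real tool's code."""
from dataclasses import dataclass
from typing import Optional

INF = None  # an unbounded interval endpoint


@dataclass(frozen=True)
class Fact:
    lo: Optional[int]        # lower bound of the value range, INF if unknown
    hi: Optional[int]        # upper bound of the value range, INF if unknown
    tainted: bool            # True if the value may derive from user input
    initialized: bool = True


UNINIT = Fact(INF, INF, False, initialized=False)


def _add_bound(a, b):
    """Interval-endpoint addition; anything added to an unbounded endpoint stays unbounded."""
    return INF if a is INF or b is INF else a + b


def analyze(program, buffers):
    """program: list of IR tuples; buffers: {name: element count}.
    Returns (facts, findings) where findings is a list of (pc, message)."""
    facts = {}
    findings = []

    def read(var, pc):
        # Every read goes through here so uninitialized uses are caught uniformly.
        f = facts.get(var, UNINIT)
        if not f.initialized:
            findings.append((pc, f"read of uninitialized variable {var}"))
        return f

    for pc, ins in enumerate(program):
        op = ins[0]
        if op == "input":                 # value chosen by the user: unknown range, tainted
            facts[ins[1]] = Fact(INF, INF, True)
        elif op == "const":
            facts[ins[1]] = Fact(ins[2], ins[2], False)
        elif op == "copy":
            facts[ins[1]] = read(ins[2], pc)
        elif op == "add":                 # interval addition; taint propagates from either operand
            a, b = read(ins[2], pc), read(ins[3], pc)
            facts[ins[1]] = Fact(_add_bound(a.lo, b.lo), _add_bound(a.hi, b.hi),
                                 a.tainted or b.tainted)
        elif op == "and":                 # masking with a non-negative constant bounds the result
            a, mask = read(ins[2], pc), ins[3]
            facts[ins[1]] = Fact(0, mask, a.tainted)
        elif op == "index":               # buffer access: check the index range against the size
            buf, idx = ins[1], read(ins[2], pc)
            size = buffers[buf]
            in_bounds = (idx.lo is not INF and idx.hi is not INF
                         and 0 <= idx.lo and idx.hi < size)
            if not in_bounds:
                sev = "user-controlled" if idx.tainted else "possible"
                findings.append((pc, f"{sev} out-of-bounds index into {buf}[{size}] via {ins[2]}"))
        else:
            raise ValueError(f"unknown op {op!r} at {pc}")
    return facts, findings


# Constructed sample program in the toy IR (comments show the C-like equivalent).
SAMPLE = [
    ("input", "n"),            # n = read_int();   attacker-controlled
    ("const", "c", 4),
    ("add", "i", "n", "c"),    # i = n + 4;        still unbounded and tainted
    ("index", "table", "i"),   # table[i]          finding: user-controlled out-of-bounds
    ("and", "j", "n", 15),     # j = n & 0xF;      range [0,15]: tainted but fits a 16-slot table
    ("index", "table", "j"),   # table[j]          no finding
    ("index", "table", "k"),   # table[k]          k was never assigned: uninitialized read
]
BUFFERS = {"table": 16}


def run_sample():
    """Analyze the constructed sample and return only the findings."""
    return analyze(SAMPLE, BUFFERS)[1]


if __name__ == "__main__":
    for pc, msg in run_sample():
        print(f"pc {pc}: {msg}")
```

The interesting design choice is that the index check only passes when the range is provably within bounds, so an unknown range is reported rather than silently trusted; the taint bit merely changes how the finding is rated. A real tool has to do the same over loops, calls and the many instruction idioms compilers emit, which is the difficulty the text describes.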
We will briefly discuss three different tools that perform some form of automated binary analysis. Each of these tools takes a radically different approach to their analysis, which serves to illustrate the difficulty with automated analysis in general. The three tools are Halvar Flake's BugScam, Tyler Durden's Chevarista, and BinDiff from SABRE Security.
BugScam
An early entry in this space, BugScam is a collection of scripts by Halvar Flake for use with
IDA Pro, the Interactive Disassembler Professional from DataRescue. Two of the powerful
features of IDA are its scripting capabilities and its plug-in architecture.