Both of these features
allow users to extend the capabilities of IDA and take advantage of the extensive
analysis that IDA performs on target binaries. Similar to the source code tools discussed
earlier, BugScam scans for potentially insecure uses of functions that often lead to exploitable
conditions. Unlike most of the source code scanners, BugScam attempts to perform
some rudimentary data flow analysis to determine whether the function calls it identifies
are actually exploitable. BugScam generates an HTML report listing the virtual
addresses at which potential problems exist. Because the scripts run from within IDA
Pro, it is a relatively easy task to navigate to each trouble spot and analyze further
whether the indicated function call is actually exploitable. The BugScam scripts leverage
the powerful analysis capabilities of IDA Pro, which recognizes a large number
of executable file formats, as well as many machine languages.
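The heuristic described above, as an added illustration that is not BugScam's own code (BugScam runs as IDC scripts inside IDA): a small Python scanner walks a constructed 32-bit x86 listing, resolves the destination buffer of each risky call back to its stack-frame size, compares that with what can be known about the source, and emits a report in the same shape as BugScam's HTML output. The listing, the string table and the function names are all assumptions made for the example.

```python
import re
from html import escape

# Constructed 32-bit x86 listing (not real IDA or BugScam output). With cdecl,
# arguments are pushed right to left, so the last push before a call is arg 1.
LISTING = """\
.text:08048450 push [ebp+8]
.text:08048453 lea  eax, [ebp-0x40]
.text:08048456 push eax
.text:08048457 call strcpy
.text:0804845C push offset aHello
.text:08048461 lea  eax, [ebp-0x10]
.text:08048464 push eax
.text:08048465 call strcpy
"""
STRINGS = {"aHello": "hello"}                                # constructed string table
RISKY = {"strcpy": 2, "strcat": 2, "sprintf": 2, "gets": 1}  # function -> argc
LINE_RE = re.compile(r"^\.text:([0-9A-Fa-f]+)\s+(\w+)\s+(.*)$")

def arg_pushes(insns, call_idx, argc):
    # Collect argc pushes before the call, resolving a pushed register through its lea.
    args, i = [], call_idx - 1
    while i >= 0 and len(args) < argc:
        _, mn, ops = insns[i]
        if mn == "push":
            if i and insns[i - 1][1] == "lea" and insns[i - 1][2].startswith(ops + ","):
                ops = insns[i - 1][2].split(",", 1)[1]   # e.g. "eax" -> "[ebp-0x40]"
            args.append(ops)
        i -= 1
    return args

def classify(args):
    # Rudimentary data flow: destination buffer size vs. what is known of the source.
    m = re.match(r"\[ebp-(0x[0-9a-fA-F]+|\d+)\]", args[0]) if args else None
    if not m: return "unknown destination"
    size, src = int(m[1], 0), (args[1] if len(args) > 1 else "")
    if src.startswith("offset") and src[6:] in STRINGS:
        n = len(STRINGS[src[6:]]) + 1                            # count the NUL
        return "%s: constant %d-byte string into %d-byte buffer" % (
            "safe" if n <= size else "overflow", n, size)
    return "likely exploitable: %d-byte stack buffer, source length unknown" % size

def scan(listing):
    rows = [LINE_RE.match(l.strip()) for l in listing.splitlines()]
    insns = [(int(m[1], 16), m[2], m[3].replace(" ", "")) for m in rows if m]
    return [(addr, ops, classify(arg_pushes(insns, i, RISKY[ops])))
            for i, (addr, mn, ops) in enumerate(insns) if mn == "call" and ops in RISKY]

def html_report(findings, name="find"):
    return "<h1>Code Analysis Report for %s</h1><ul>%s</ul>" % (escape(name), "".join(
        "<li><tt>%08X</tt> %s: %s</li>" % (a, escape(f), escape(v)) for a, f, v in findings))
```

The first strcpy copies a caller-supplied argument into a 64-byte stack buffer and is flagged; the second copies a known 6-byte constant into a 16-byte buffer and is reported as safe, which is the kind of false positive the data flow step is meant to discard.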
Sample BugScam output for the compiled find.c binary appears next:
Code Analysis Report for find
This is an automatically generated report on the frequency of misuse of
certain known-to-be-problematic library functions in the executable file
find. The contents of this file are automatically generated using simple
heuristics, thus any reliance on the correctness of the statements in
this file is your own responsibility.