Assuming the program contains error handling code, these tests must include exceptional cases that cause execution to pass through each error handler. Failure to perform any error checking at all, and failure to test every code path, are just two of the problems that attackers may take advantage of. Murphy's Law assures us that the one section of code that was never tested will be the one that turns out to be exploitable.
Chapter 14: Advanced Reverse Engineering
Without proper instrumentation it will be difficult, if not impossible, to determine why a program has failed. When source code is available, it may be possible to insert "debugging" statements that paint a picture of what is happening within the program at any given moment. In that case the program itself is being instrumented, and you can turn on as much or as little detail as you choose. When all that is available is a compiled binary, you cannot insert instrumentation into the program itself. Instead, you must use tools that hook into the binary in various ways in an attempt to learn as much as possible about how it behaves. In searching for potential vulnerabilities, it is ideal to use tools that are capable of reporting anomalous events, because the last thing you want to do is sort through mounds of data indicating that a program is running normally.
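As an added example of hooking a binary you have no source for (this is illustrative code written for this section, not a tool from the book), the following C file builds into a small LD_PRELOAD shared object that interposes strcpy(). It performs the real copy so the target keeps running, but writes a report only when the source string is at least a configurable length, so normal calls produce no output at all. The environment variable name HOOK_THRESHOLD, the build flag BUILD_PRELOAD and the function names are chosen for this example; the demo inputs are constructed.

```c
/*
 * Added example, not code from the book: a minimal LD_PRELOAD hook that
 * intercepts strcpy() in a binary for which no source is available and
 * reports only anomalous calls, here defined as calls whose source string
 * is at least HOOK_THRESHOLD bytes long (default 256). Normal calls stay
 * silent so the analyst is not buried in events that mean nothing.
 *
 * Names such as HOOK_THRESHOLD, BUILD_PRELOAD and instrumented_strcpy are
 * chosen for this example, not taken from any tool.
 *
 *   Build as a hook:     gcc -shared -fPIC -DBUILD_PRELOAD -o hook.so hook.c
 *   Run against target:  HOOK_THRESHOLD=64 LD_PRELOAD=./hook.so ./target args
 *   Stand-alone demo:    gcc -o hook_demo hook.c && ./hook_demo
 */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DEFAULT_THRESHOLD 256

/* Pure decision function, shared by the hook and the demo: a source of
 * src_len bytes (strlen, terminator excluded) is worth reporting when it
 * reaches the threshold. */
int copy_is_anomalous(size_t src_len, size_t threshold)
{
    return src_len >= threshold;
}

/* Read HOOK_THRESHOLD from the environment once; fall back to the default
 * when it is unset or not a positive number. */
size_t copy_threshold(void)
{
    static size_t cached;
    if (cached == 0) {
        const char *env = getenv("HOOK_THRESHOLD");
        long v = env ? atol(env) : 0;
        cached = v > 0 ? (size_t)v : DEFAULT_THRESHOLD;
    }
    return cached;
}

/* Hook body. The copy is done with memcpy so the target keeps working,
 * then a report is written to stderr only for anomalous calls. `caller`
 * is the return address of the strcpy call, which the analyst can map
 * back to a location in the target binary. Returns 1 if reported, else 0. */
int instrumented_strcpy(char *dst, const char *src, const void *caller,
                        size_t threshold)
{
    size_t n = strlen(src);
    memcpy(dst, src, n + 1);
    if (!copy_is_anomalous(n, threshold))
        return 0;
    fprintf(stderr, "[hook] strcpy called from %p with %zu-byte source "
            "(threshold %zu), starts with \"%.16s\"\n",
            caller, n, threshold, src);
    return 1;
}

/* Constructed inputs for the stand-alone demo: one ordinary copy and one
 * 299-byte copy. Returns how many of the two calls were reported. */
int demo_run(void)
{
    static char dst[512];
    char big[300];
    int reported = 0;

    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';

    reported += instrumented_strcpy(dst, "hello", __builtin_return_address(0),
                                    DEFAULT_THRESHOLD);
    reported += instrumented_strcpy(dst, big, __builtin_return_address(0),
                                    DEFAULT_THRESHOLD);
    return reported;
}

#ifdef BUILD_PRELOAD
/* When this file is built as a shared object and LD_PRELOADed, the dynamic
 * linker resolves the target's strcpy() to this definition before libc's. */
char *strcpy(char *dst, const char *src)
{
    instrumented_strcpy(dst, src, __builtin_return_address(0), copy_threshold());
    return dst;
}
#else
int main(void)
{
    printf("%d of 2 constructed strcpy calls reported\n", demo_run());
    return 0;
}
#endif
```

Two caveats a practitioner should keep in mind. First, interposition only catches calls that go through the dynamic linker: a statically linked target, a call the compiler expanded inline, or a fortified call that was compiled to __strcpy_chk never reaches the hook, and the loader ignores LD_PRELOAD entirely for setuid binaries. Second, because the hook cannot know the destination buffer's size, the threshold is a heuristic for "suspiciously long", which is exactly the kind of anomaly filter the paragraph above argues for; the same pattern applies to any other exported libc function you want to watch.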