[fuzzing] code coverage and execution graph

Sergio 'shadown' Alvarez shadown at gmail.com
Wed Oct 14 13:36:10 UTC 2009


On Oct 14, 2009, at 3:28 PM, Jared DeMott wrote:

> Sergio 'shadown' Alvarez wrote:
>>
>> On Oct 14, 2009, at 3:12 PM, Jared DeMott wrote:
>>
>>
>>> Sergio 'shadown' Alvarez wrote:
>>>
>>>> Hi Jared,
>>>>
>>>> For call-graph based on source code check out http://www.scitools.com/products/understand/
>>>>
>>>> For the rest you should give a try to visi's vtrace/vdb http://www.kenshoto.com/vtrace/releases/
>>>>
>>>>
>>> Ben was saying that http://dynamorio.org/ is the way to go
>>>
>>
>> What Ben said is very true; both DynamoRIO and PIN (http://www.pintool.org)
>> are really powerful.
>>
>> For quick dynamic instrumentation IMHO vtrace is the best thing out
>> there; the only problem is that there is no shared/centralized repository
>> to contribute to.
>>
>> If you are looking for something powerful enough to do pretty much
>> whatever you want, DynamoRIO and PIN are the way to go, with the
>> downside of the speed of development.
>>
>> As you've mentioned pydbg, I thought you were looking for something
>> python based.
>> I took that approach; I've over-developed vtrace a lot and also added
>> kernel debugging to it. That way I have a multi-platform and multi-arch
>> framework to work with. I code a script only once and use it all over
>> the place.
>>
>>
> So for pydbg you have to use IDA and get a PIDA dump to set
> breakpoints on functions or basic blocks. How does vtrace work?
> Can it work on Windows without a PIDA file, for example?

Actually with pydbg you can use the branch gera did :), and you don't
need IDA.
In vtrace you have symbol access for the imports and exports. For the
non-exported internal functions and basic blocks you can also use gera's
module. You can also use a PIDA file to do the same thing you do with
pydbg, except that with vtrace you can target more platforms. :)
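A worked illustration of the breakpoint-driven coverage feedback this thread is about, added here and not taken from the thread or from pydbg/vtrace: Python's sys.settrace stands in for one-shot breakpoints on basic blocks (code-name/line ids replace block addresses), and parse_record is a constructed toy fuzz target, so the whole thing runs offline.

```python
import sys
from typing import Callable, Iterable, Set, Tuple

Block = Tuple[str, int]  # (function name, line) stands in for a basic-block address


def parse_record(data: bytes) -> int:
    """Constructed toy target: a tiny tag/length/body parser to fuzz."""
    if len(data) < 2:
        return -1
    tag, length = data[0], data[1]
    body = data[2:2 + length]
    if tag == 0x01:
        return sum(body)
    if tag == 0x02 and length == len(body):
        return int.from_bytes(body, "big") if body else 0
    return -2


def run_with_coverage(target: Callable, data: bytes) -> Set[Block]:
    """Run target(data) once and return the set of blocks it reached.

    Like one-shot breakpoints set on every basic block, a block is recorded
    the first time it is hit; frames of other functions are not traced.
    """
    hits: Set[Block] = set()

    def tracer(frame, event, arg):
        if frame.f_code is not target.__code__:
            return None  # not our target: no local tracer for this frame
        if event == "line":
            hits.add((frame.f_code.co_name, frame.f_lineno))
        return tracer

    sys.settrace(tracer)
    try:
        target(data)
    finally:
        sys.settrace(None)  # always detach, even if the target crashes
    return hits


def new_coverage(target: Callable, corpus: Iterable[bytes], candidate: bytes) -> Set[Block]:
    """Blocks reached by candidate that no corpus input reached: the fuzzer's
    signal that the candidate is worth keeping."""
    seen: Set[Block] = set()
    for data in corpus:
        seen |= run_with_coverage(target, data)
    return run_with_coverage(target, candidate) - seen
```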

