[fuzzing] code coverage and execution graph

Sergio 'shadown' Alvarez shadown at gmail.com
Thu Oct 15 14:18:21 UTC 2009


A lot of people are asking for the very same thing, "A LINK", so here is  
the link:

http://code.google.com/p/paimei/source/browse/#svn/branches/gera

I wonder if there is some problem with google and the search engine is  
down... ;)

Cheers,
    sergio

On Oct 14, 2009, at 3:55 PM, Sergio 'shadown' Alvarez wrote:

> gera uses pydasm and follows the jxx and calls to do the  
> disassembly; basically you load the .exe instead of the .pida  
> file.
>
> On Oct 14, 2009, at 3:45 PM, Charles Miller wrote:
>
>> Does this actually work?  I've never used his module, but I tried  
>> writing my own CPU aided basic block coverage tool a few years ago  
>> and wasn't happy with the performance (I'm assuming this is what  
>> gera's module does).  Then again, I'm a sucky developer.
>>
>> Charlie
>>
>>>
>>> Actually with pydbg you can use the branch gera did :), and you  
>>> don't need IDA.
>>> In vtrace you have symbols access for the imports and exports. For  
>>> the not exported internal functions and basic blocks you can use  
>>> gera's module also. You can also use a pida file to do the same  
>>> thing you do with pydbg, except that with vtrace you can target  
>>> more platforms. :)
>>
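Added example of the recursive-descent approach described in the thread above (my own code, not gera's branch, PaiMei, or anything posted by the participants): follow jxx and call targets from an entry point to find basic-block leaders, the addresses a pydbg-style coverage tool would put breakpoints on. It assumes a minimal hand-written decoder for a handful of x86 opcodes in place of pydasm, and runs over a constructed byte string rather than a real .exe.

```python
"""Recursive-descent basic-block discovery over a tiny x86 subset.
A hand-rolled decoder for a few opcodes stands in for pydasm (assumption, so
the example runs offline); the input bytes are constructed, not a real binary."""
import struct

def decode(code, off):
    """Return (length, kind, target); kind is fall/jmp/jcc/call/ret, target absolute."""
    op = code[off]
    if op == 0x90 or 0x50 <= op <= 0x5F:            # nop, push/pop reg
        return 1, 'fall', None
    if op == 0xC3:                                   # ret
        return 1, 'ret', None
    if op == 0xEB or 0x70 <= op <= 0x7F:             # jmp rel8, jcc rel8
        rel = struct.unpack_from('<b', code, off + 1)[0]
        return 2, ('jmp' if op == 0xEB else 'jcc'), off + 2 + rel
    if op in (0xE8, 0xE9):                           # call rel32, jmp rel32
        rel = struct.unpack_from('<i', code, off + 1)[0]
        return 5, ('call' if op == 0xE8 else 'jmp'), off + 5 + rel
    raise ValueError('unsupported opcode 0x%02x at 0x%x' % (op, off))

def find_leaders(code, entry=0):
    """Follow jxx and calls from entry; return sorted block-start offsets."""
    leaders, work, seen = {entry}, [entry], set()
    while work:
        off = work.pop()
        if off in seen or not 0 <= off < len(code):
            continue
        seen.add(off)
        length, kind, target = decode(code, off)
        nxt = off + length
        if kind == 'fall':                           # same block continues
            work.append(nxt)
        elif kind == 'jmp':
            leaders.add(target); work.append(target)
        elif kind in ('jcc', 'call'):                # both successors lead blocks
            leaders.update((target, nxt)); work.extend((target, nxt))
    return sorted(leaders)                           # 'ret' simply ends a path

def block_ranges(code, entry=0):
    """Split reachable code into (start, end) byte ranges, one per block."""
    leaders, ranges = find_leaders(code, entry), []
    for start in leaders:
        off = start
        while True:
            length, kind, _ = decode(code, off)
            off += length
            if kind != 'fall' or off in leaders or off >= len(code):
                break
        ranges.append((start, off))
    return ranges

# Constructed sample: nop; je 0x5; jmp 0xB; push eax; call 0xD; pop eax; ret; nop; ret
SAMPLE = bytes.fromhex('90 7402 EB06 50 E802000000 58 C3 90 C3')
```

On the constructed sample, find_leaders(SAMPLE) gives [0, 3, 5, 11, 13], one breakpoint per block; with pydbg you would set those and record which ones fire per test case.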
