vulnerabilities
Speech outline (I)
• Legal considerations concerning reverse engineering
• Introduction to the topic: the different approaches to auditing binaries
• Review of C/C++ programming mistakes
• Spotting these mistakes in the binary
• Demonstration of finding a vulnerability
• --- Break ---
Stress testing
Pros:
• The process is largely automatic
• No specially skilled personnel are needed
• The stress-testing tool is reusable
Cons:
• The protocol has to be known
• Complex conditions will be missed
Manual auditing
Pros:
• Even very complex conditions are found
Cons:
• Auditor needs to be highly skilled
• Nearly infeasible for large applications
• Very time consuming, since one will be reading a lot of irrelevant 'tentacles'
• Can disassemble x86, SPARC, IA64, MIPS and much more ...
• Includes a powerful scripting language
• Can recognize statically linked library calls
• Features a powerful plug-in interface
• Features CPU Module SDK for self-developed CPU modules
• Automatically reconstructs arguments to standard calls via type libraries; allows parsing of C headers for adding new standard calls and types
• Great technical support
• ... much more ...
© 2001 Halvar Flake
C/C++ auditing recap
strcpy() and strcat()
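Added example (not code from the slides): the strcpy()/strcat() mistake beside a bounded replacement, in C. The names unsafe_join(), bounded_copy(), bounded_cat() and safe_join(), the 16-byte BUFSZ and the sample inputs are assumptions made for this demonstration; the bounded functions reimplement the strlcpy()/strlcat() contract (always terminate, return the length the full result would have needed) rather than relying on a libc that ships them.

```c
#include <stdio.h>
#include <string.h>

/* Added example (not code from the slides): the strcpy()/strcat() mistake
 * next to a bounded replacement. BUFSZ is an assumed buffer size for the
 * demo; the bounded functions follow the strlcpy()/strlcat() contract but
 * are implemented here so the file builds on any libc. */

#define BUFSZ 16

/* Vulnerable form: neither call knows how big dst is. A userdata longer than
 * the remaining space runs past the buffer, on x86 into the saved ebp and the
 * return address. Kept for comparison, never called. */
void unsafe_join(char *dst, const char *prefix, const char *userdata)
{
    strcpy(dst, prefix);
    strcat(dst, userdata);
}

/* Copies at most cap-1 bytes and always NUL-terminates when cap > 0.
 * Returns strlen(src); a result >= cap means the copy was truncated. */
size_t bounded_copy(char *dst, size_t cap, const char *src)
{
    size_t n = strlen(src);
    if (cap > 0) {
        size_t take = n < cap - 1 ? n : cap - 1;
        memcpy(dst, src, take);
        dst[take] = '\0';
    }
    return n;
}

/* Appends src to the NUL-terminated string in dst without exceeding cap.
 * Returns the length the full result would need; >= cap means truncated. */
size_t bounded_cat(char *dst, size_t cap, const char *src)
{
    size_t used = 0;
    while (used < cap && dst[used] != '\0') used++;
    if (used == cap)      /* dst is not terminated inside cap: nothing can be appended */
        return cap + strlen(src);
    return used + bounded_copy(dst + used, cap - used, src);
}

/* Hardened form of unsafe_join(): returns 1 if the whole result fit in dst,
 * 0 if it was truncated (dst is still a valid, terminated string). */
int safe_join(char *dst, size_t cap, const char *prefix, const char *userdata)
{
    if (bounded_copy(dst, cap, prefix) >= cap) return 0;
    return bounded_cat(dst, cap, userdata) < cap;
}

static char g_buf[BUFSZ];   /* the fixed-size buffer the demo writes into */

int main(void)
{
    /* Constructed inputs: one that fits, one oversized (the kind of data a
     * stress test throws at a parser). */
    int ok = safe_join(g_buf, BUFSZ, "user=", "alice");
    printf("fits: %d -> \"%s\"\n", ok, g_buf);
    ok = safe_join(g_buf, BUFSZ, "user=", "averyverylongusername");
    printf("fits: %d -> \"%s\"\n", ok, g_buf);
    return 0;
}
```

The point of the return value is that truncation becomes a decision the caller makes, instead of a silent write past the end of the buffer.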
Old news:
printf("%s", userdata);
Assembly representation of a memcpy() call (x86 cdecl: arguments are pushed right to left, so the last push is the first argument):
push 4                      ; arg 3: n = 4
mov eax, unkn_40D278        ; load the pointer stored at unkn_40D278
push eax                    ; arg 2: src
lea eax, [ebp+var_458]      ; address of a local stack buffer, 0x458 bytes below ebp
push eax                    ; arg 1: dest
call _memcpy                ; memcpy(&var_458, src, 4)
Argument deficiency
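Added example (not code from the slides): a static checker for argument deficiency in printf-style format strings, in C. printf() cannot know how many arguments were pushed; it takes one off the stack for every conversion in the format, so when userdata is the format it decides how far up the stack printf reads, and %n turns that read into a write. The names fmt_arg_count(), fmt_has_n() and fmt_deficiency() and the sample attacker string are assumptions for this demonstration; the parser handles the standard C conversions, '*' width/precision and length modifiers, not positional (%1$d) arguments.

```c
#include <stdio.h>
#include <string.h>

/* Added example (not code from the slides): a static check for the
 * "argument deficiency" behind format string bugs. The two call sites the
 * checker is about, side by side (the unsafe one stays a comment so this
 * file compiles without -Wformat-security noise):
 *
 *   printf(userdata);        // userdata is the format: vulnerable
 *   printf("%s", userdata);  // userdata is only an argument: correct
 */

static int is_conversion(char c)
{
    return c != '\0' && strchr("diouxXeEfFgGaAcspn", c) != NULL;
}

/* Walks one format string. Returns the number of arguments it consumes, or
 * -1 if it is malformed (ends inside a conversion or uses an unknown one).
 * Sets *has_n when a %n conversion is present. Positional (%1$d) forms are
 * an assumption left out of this demo. */
static int fmt_scan(const char *fmt, int *has_n)
{
    int count = 0;
    *has_n = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%') continue;
        p++;
        if (*p == '%') continue;                    /* "%%" prints a percent */
        while (*p && strchr("-+ #0'", *p)) p++;     /* flags */
        if (*p == '*') { count++; p++; }            /* width taken from an argument */
        else while (*p >= '0' && *p <= '9') p++;
        if (*p == '.') {                            /* precision */
            p++;
            if (*p == '*') { count++; p++; }
            else while (*p >= '0' && *p <= '9') p++;
        }
        while (*p && strchr("hlLqjzt", *p)) p++;    /* length modifiers */
        if (!is_conversion(*p)) return -1;
        if (*p == 'n') *has_n = 1;
        count++;
    }
    return count;
}

int fmt_arg_count(const char *fmt) { int n; return fmt_scan(fmt, &n); }
int fmt_has_n(const char *fmt)     { int n; fmt_scan(fmt, &n); return n; }

/* Arguments the format demands beyond the nargs actually passed at the call
 * site (positive = deficient), or -1 for a malformed format. */
int fmt_deficiency(const char *fmt, int nargs)
{
    int n = fmt_arg_count(fmt);
    return n < 0 ? -1 : (n > nargs ? n - nargs : 0);
}

int main(void)
{
    /* Constructed attacker input of the classic stack-walking shape. */
    const char *userdata = "AAAA%08x.%08x.%08x.%08x.%n";
    printf("format %s consumes %d arguments, %%n present: %d, "
           "deficiency at printf(userdata): %d\n",
           userdata, fmt_arg_count(userdata), fmt_has_n(userdata),
           fmt_deficiency(userdata, 0));
    return 0;
}
```

A deficiency of zero at a site like printf(userdata) only holds for the one string examined; the fix is to make the format a literal, not to filter userdata.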
[Figure: layout of a PE file on disk. PE file header; .text section containing code, zero-padded to the file alignment (usually 0x200), the padding forming a so-called 'cave'; other sections containing data, each likewise followed by a cave; ...]
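Added example (not code from the slides): a cave finder in C that parses a PE section table and computes, per section, where the zero padding up to the file alignment begins and how long it is. The image it parses is constructed inline by build_sample_image(); find_caves(), the sample_cave_*() helpers and the struct cave type are assumptions for this demonstration. Header offsets follow the PE/COFF specification.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example (not code from the slides): walks a PE section table and
 * reports each section's cave, the zero padding between the end of the
 * section's real data (VirtualSize) and the end of its file-aligned raw
 * block (SizeOfRawData, a multiple of FileAlignment). The sample image
 * below is constructed; it is not a loadable program. */

struct cave {
    char name[9];
    uint32_t file_off;   /* file offset where the padding starts */
    uint32_t size;       /* number of padding bytes */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }
static void wr16(uint8_t *p, uint16_t v) { p[0] = v & 0xFF; p[1] = v >> 8; }
static void wr32(uint8_t *p, uint32_t v) { wr16(p, v & 0xFFFF); wr16(p + 2, v >> 16); }

/* Returns the number of sections examined (out[] gets up to max_out
 * entries), or -1 if img does not hold a well-formed PE header. */
int find_caves(const uint8_t *img, size_t len, struct cave *out, int max_out)
{
    if (len < 0x40 || img[0] != 'M' || img[1] != 'Z') return -1;
    uint32_t pe = rd32(img + 0x3C);                              /* e_lfanew */
    if (pe > len - 24 || memcmp(img + pe, "PE\0\0", 4) != 0) return -1;
    const uint8_t *coff = img + pe + 4;
    int nsec = rd16(coff + 2);                                   /* NumberOfSections */
    uint16_t opt_size = rd16(coff + 16);                         /* SizeOfOptionalHeader */
    const uint8_t *sec = coff + 20 + opt_size;                   /* section table */
    if (opt_size < 40 || (size_t)(sec - img) + (size_t)nsec * 40 > len) return -1;
    uint32_t file_align = rd32(coff + 20 + 36);                  /* FileAlignment */
    int found = 0;
    for (int i = 0; i < nsec && found < max_out; i++, sec += 40) {
        uint32_t vsize = rd32(sec + 8), raw_size = rd32(sec + 16), raw_ptr = rd32(sec + 20);
        if (raw_size == 0 || raw_ptr > len || raw_size > len - raw_ptr) continue; /* .bss or bogus */
        if (file_align && raw_size % file_align)
            fprintf(stderr, "warning: SizeOfRawData not a multiple of FileAlignment\n");
        memcpy(out[found].name, sec, 8);
        out[found].name[8] = '\0';
        uint32_t used = vsize < raw_size ? vsize : raw_size;     /* real bytes in the block */
        out[found].file_off = raw_ptr + used;
        out[found].size = raw_size - used;
        found++;
    }
    return found;
}

/* Constructed PE32 with FileAlignment 0x200 and two sections: .text holds
 * 0x123 real bytes, .data holds 0x40. Only the fields find_caves() reads
 * are filled in. Returns the image length. */
size_t build_sample_image(uint8_t *buf, size_t cap)
{
    const size_t total = 0x600;
    if (cap < total) return 0;
    memset(buf, 0, total);
    buf[0] = 'M'; buf[1] = 'Z';
    wr32(buf + 0x3C, 0x40);                       /* e_lfanew */
    memcpy(buf + 0x40, "PE\0\0", 4);
    uint8_t *coff = buf + 0x44, *opt = coff + 20, *sec = opt + 0xE0;
    wr16(coff, 0x14C);                            /* Machine: i386 */
    wr16(coff + 2, 2);                            /* NumberOfSections */
    wr16(coff + 16, 0xE0);                        /* SizeOfOptionalHeader (PE32) */
    wr16(opt, 0x10B);                             /* Magic: PE32 */
    wr32(opt + 32, 0x1000);                       /* SectionAlignment */
    wr32(opt + 36, 0x200);                        /* FileAlignment */
    memcpy(sec, ".text\0\0\0", 8);
    wr32(sec + 8, 0x123); wr32(sec + 12, 0x1000); wr32(sec + 16, 0x200); wr32(sec + 20, 0x200);
    memcpy(sec + 40, ".data\0\0\0", 8);
    wr32(sec + 48, 0x40); wr32(sec + 52, 0x2000); wr32(sec + 56, 0x200); wr32(sec + 60, 0x400);
    memset(buf + 0x200, 0x90, 0x123);             /* fake code; the rest of the block is the cave */
    memset(buf + 0x400, 0x41, 0x40);              /* fake data */
    return total;
}

static uint8_t g_img[0x600];
static struct cave g_caves[4];

/* Builds and parses the constructed image; returns the section count or -1. */
int sample_cave_count(void)
{
    return find_caves(g_img, build_sample_image(g_img, sizeof g_img), g_caves, 4);
}
uint32_t sample_cave_size(int i)   { return g_caves[i].size; }
uint32_t sample_cave_offset(int i) { return g_caves[i].file_off; }

int main(void)
{
    int n = sample_cave_count();
    for (int i = 0; i < n; i++)
        printf("%-8s cave at file offset 0x%x, %u bytes\n",
               g_caves[i].name, g_caves[i].file_off, g_caves[i].size);
    return 0;
}
```

The padding exists because SizeOfRawData is rounded up to FileAlignment while VirtualSize records the real length; when VirtualSize exceeds SizeOfRawData (a .bss-style section) there is no cave, which the code reports as size 0.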