Uninformed: Informative Information for the Uninformed

Vol 5» 2006.Sep


Stalking and Fuzzing Go Hand in Hand

Process Stalker was transformed by an individual into a WinDbg extension for use in debugging both user-mode and kernel-mode targets. This tool was given the title "Debug Stalk," and until now it has remained unreleased. Process Stalker and Debug Stalker overcome the visualization limitation of static analysis by adding runtime binary analysis. Runtime analysis using Process and Debug Stalking, combined with mathematically enhanced CFGs, exponentially improves fuzz-based bug hunting. Through runtime analysis, users can see graphically which paths have not been traversed and which blocks have not been executed, and can then refine their testing approach into a more effective one. When testing a large application, this technique dramatically reduces the overall workload. Therefore, iterations of the Process Stalk tool and the Debug Stalk tool will be used to investigate a faulty driver in this paper.

Debug Stalk is a Windows debugger plug-in that can be used in places where Process Stalking may not be suited, such as in a kernel-mode setting.
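The comparison the stalkers visualise, a static CFG against the blocks actually hit at runtime, can be expressed in a few functions. The following is an added example written for this section, not code from the article or from the Process Stalker project; the CFG, block addresses and per-case hit traces are constructed sample data.

```python
# Added example (not from the Uninformed article or Process Stalker):
# coverage differencing between a static CFG and runtime block traces.
# All addresses, edges and traces here are constructed sample data.

# Static CFG: block start address -> list of successor blocks.
CFG = {
    0x1000: [0x1010],            # entry
    0x1010: [0x1020, 0x1040],    # first conditional branch
    0x1020: [0x1030],
    0x1030: [0x1060],
    0x1040: [0x1050, 0x1070],    # second conditional branch
    0x1050: [0x1060],
    0x1060: [],                  # return
    0x1070: [0x1060],            # handler no fuzz case has reached yet
}

# Constructed traces: executed block start addresses per fuzz case.
TRACES = {
    "case_short": [0x1000, 0x1010, 0x1020, 0x1030, 0x1060],
    "case_long":  [0x1000, 0x1010, 0x1040, 0x1050, 0x1060],
}

def executed_blocks(traces):
    """Union of all blocks hit across every recorded case."""
    hit = set()
    for trace in traces.values():
        hit.update(trace)
    return hit

def traversed_edges(traces):
    """Consecutive (src, dst) pairs observed at runtime."""
    edges = set()
    for trace in traces.values():
        edges.update(zip(trace, trace[1:]))
    return edges

def coverage_gaps(cfg, traces):
    """Blocks never executed and CFG edges never traversed."""
    all_blocks = set(cfg)
    all_edges = {(src, dst) for src, succ in cfg.items() for dst in succ}
    missing_blocks = all_blocks - executed_blocks(traces)
    missing_edges = all_edges - (traversed_edges(traces) & all_edges)
    return sorted(missing_blocks), sorted(missing_edges)

def half_taken_branches(cfg, traces):
    """Conditional blocks where only some successors were ever taken:
    the places where the next fuzz cases should be aimed."""
    seen = traversed_edges(traces)
    return sorted(b for b, succ in cfg.items() if len(succ) > 1
                  and 0 < sum((b, s) in seen for s in succ) < len(succ))
```

Running `coverage_gaps(CFG, TRACES)` on the sample data reports block 0x1070 and the two edges through it as unreached, and `half_taken_branches` points at 0x1040 as the branch whose other outcome still needs a test case.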