Uninformed: Informative Information for the Uninformed

Vol 5» 2006.Sep


Foreword

Abstract: Sophisticated methods are currently being developed and implemented for mitigating the risk of exploitable bugs. The process of researching and discovering vulnerabilities in modern code will require changes to accommodate the shift in vulnerability mitigations. Code coverage analysis implemented in conjunction with fuzz testing reveals faults within a binary file that would otherwise have remained undiscovered by either method alone. This paper suggests a research method for more effective runtime binary analysis using the aforementioned strategy. This study presents empirical evidence that, although bug detection will become increasingly difficult in the future, analysis techniques have an opportunity to evolve intelligently.
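The abstract's central claim, that coverage feedback lets a fuzzer reach faults blind mutation never finds, can be shown in miniature. The following is an added example, not code from the paper or from any of the tools it names. It assumes a constructed Python `target` standing in for the binary under test (a fault behind a four-byte magic check), uses `sys.settrace` line events as a stand-in for the per-basic-block breakpoints a binary tracer would place, and compares two runs with the same mutation budget and seed: one that keeps every input reaching new lines as a parent, and one that always mutates the original seed.

```python
import random
import sys

# Constructed stand-in for the binary under test: the fault is reachable only
# when four successive byte checks all pass (a 4-byte magic value).
def target(data: bytes) -> None:
    if len(data) < 4:
        return
    if data[0] == 0x7F:
        if data[1] == 0x45:
            if data[2] == 0x4C:
                if data[3] == 0x46:
                    raise RuntimeError("fault reached")  # stands in for a crash
    return


def run_with_coverage(func, data: bytes):
    """Execute func(data); return (set of executed line numbers, crashed).

    sys.settrace line events stand in for the per-basic-block breakpoints a
    binary tracer would set; the mechanism differs, the feedback is the same.
    """
    lines = set()

    def tracer(frame, event, arg):
        if event == "line" and frame.f_code is func.__code__:
            lines.add(frame.f_lineno)
        return tracer

    sys.settrace(tracer)
    try:
        func(data)
        crashed = False
    except RuntimeError:
        crashed = True
    finally:
        sys.settrace(None)
    return lines, crashed


def mutate(rng: random.Random, data: bytes) -> bytes:
    """Overwrite one randomly chosen byte with a random value."""
    buf = bytearray(data)
    buf[rng.randrange(len(buf))] = rng.randrange(256)
    return bytes(buf)


def fuzz(rng: random.Random, use_coverage: bool, iterations: int):
    """Return (iteration, input) of the first crash, or (None, None).

    With use_coverage=True, any input that executes a line not seen before is
    kept as a new parent; with use_coverage=False the seed is the only parent.
    """
    corpus = [b"\x00\x00\x00\x00"]  # constructed seed input
    seen_lines = set()
    for it in range(1, iterations + 1):
        child = mutate(rng, rng.choice(corpus))
        lines, crashed = run_with_coverage(target, child)
        if crashed:
            return it, child
        if use_coverage and not lines <= seen_lines:
            seen_lines |= lines
            corpus.append(child)
    return None, None


def compare(seed: int = 1234, iterations: int = 60000) -> dict:
    """Run both strategies with the same budget and seed; return the outcomes."""
    guided_it, guided_input = fuzz(random.Random(seed), True, iterations)
    blind_it, blind_input = fuzz(random.Random(seed), False, iterations)
    return {
        "guided_iterations": guided_it,
        "guided_input": guided_input,
        "blind_iterations": blind_it,
        "blind_input": blind_input,
    }


if __name__ == "__main__":
    result = compare()
    print("coverage-guided:", result["guided_iterations"], result["guided_input"])
    print("blind random:   ", result["blind_iterations"], result["blind_input"])
```

The blind run can never crash the target: each child differs from the seed in at most one byte, so at most one of the four checks passes. The guided run crosses the checks one at a time because an input that passes a new check executes a line not seen before and is retained as a parent, which is exactly the effect of feeding block coverage back into input selection.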

Disclaimer: Practices and material presented within this paper are meant for educational purposes only. The author does not suggest using this information for methods which may be deemed unacceptable. The content in this paper is considered to be incomplete and unfinished, and therefore some information in this paper may be incorrect or inaccurate. Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. To copy otherwise, to republish, requires prior specific permission.

Prerequisites: For an in-depth understanding of the concepts presented in this paper, familiarity with Microsoft Windows device drivers, x86 assembler, debugging fundamentals, and the Windows kernel debugger is required. A brief introduction to the current state of code coverage analysis, including related uses, is provided to support the information presented within this paper. However, to implement the practices within this paper, a deeper knowledge of the aforementioned vulnerability discovery methods and methodologies is required. The following software, and knowledge of its use, is required to follow along with the discussion: IDA Pro, Debugging Tools for Windows, Debug Stalk, and a virtual machine such as VMware or Virtual PC.

Thanks: The author would like to thank west, icer, skape, Uninformed, and mom.