In memory fuzzer (example tools)
crossbowerbt edited this page Oct 11, 2011
Using GDB's powerful scripting features it is possible to build an in-memory fuzzer in a simple but effective way (a brief article on the subject: http://www.corelan.be/index.php/2010/10/20/in-memory-fuzzing/).
I've developed two tools to perform in-memory fuzzing:
- in-memory-break.py analyzes and traces program functions to identify possible fuzzing points. It places breakpoints at the beginning of the functions and dumps their arguments, searching for strings.
- in-memory-fuzz.py is the actual fuzzer. It needs to know the function to fuzz: the starting and ending addresses are used to create and restore process snapshots.
You can play with the tools under the directory examples/in-memory-fuzzer. The same directory contains a proof-of-concept vulnerable program that can be used to test them.
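The snapshot-and-restore loop that in-memory-fuzz.py implements, sketched here as an added illustration in GDB's Python API (this is not the project's own script). It assumes an x86-64 Linux target following the System V ABI (string argument in RDI), restores only the registers and a window of stack around RSP (heap side effects are not undone), and takes the function's start and end addresses from the user, as the tool does.

```python
# Added illustration of the snapshot/mutate/restore loop (not the project's own script).
# Assumes x86-64 Linux SysV ABI (first argument in RDI), a NUL-terminated string argument,
# and that restoring registers plus a stack window is enough (heap changes are not undone).
try:
    import gdb                  # present only when run inside GDB
except ImportError:             # lets mutate() be imported and tested outside GDB
    gdb = None
REGS = "rax rbx rcx rdx rsi rdi rbp rsp r8 r9 r10 r11 r12 r13 r14 r15 rip eflags".split()

def mutate(seed: bytes, case: int) -> bytes:
    """Case 0: the original input; odd cases append case*64 'A's; even cases flip one byte."""
    body = seed.rstrip(b"\0") or b"A"
    if case == 0:
        return body + b"\0"
    if case % 2:
        return body + b"A" * (case * 64) + b"\0"
    out = bytearray(body)
    out[(case // 2) % len(body)] ^= 0xFF
    return bytes(out) + b"\0"

class InMemoryFuzzer:
    def __init__(self, start, end, cases=20, stack_bytes=0x1000):
        self.start, self.end, self.cases, self.stack_bytes = start, end, cases, stack_bytes
        self.case, self.snap = 0, None
        gdb.Breakpoint("*0x%x" % start); gdb.Breakpoint("*0x%x" % end)
        gdb.events.stop.connect(self.on_stop)

    def snapshot(self):             # at function entry: registers, stack window, seed string
        inf = gdb.selected_inferior()
        regs = {r: int(gdb.parse_and_eval("$" + r)) for r in REGS}
        base = regs["rsp"] - 0x100  # margin below RSP covers the red zone
        stack = bytes(inf.read_memory(base, self.stack_bytes))
        seed = bytes(inf.read_memory(regs["rdi"], 256)).split(b"\0")[0]
        self.snap = (regs, base, stack, regs["rdi"], seed)

    def restore(self):              # at function exit: put memory and registers back
        regs, base, stack, _, _ = self.snap
        gdb.selected_inferior().write_memory(base, stack)
        for r, v in regs.items():
            gdb.execute("set $%s = %d" % (r, v))

    def on_stop(self, event):
        if isinstance(event, gdb.SignalEvent):  # crash: leave the state for inspection
            print("[!] case %d stopped with %s" % (self.case, event.stop_signal)); return
        pc = int(gdb.parse_and_eval("$rip"))
        if pc == self.start and self.snap is None:
            self.snapshot()
        elif pc == self.end and self.snap is not None and self.case + 1 < self.cases:
            self.case += 1; self.restore()
        else:
            return                  # unrelated stop, or all cases done
        gdb.selected_inferior().write_memory(self.snap[3], mutate(self.snap[4], self.case))
        gdb.post_event(lambda: gdb.execute("continue"))  # resume outside the stop handler
```

Inside GDB, `source` the file, create the object with `python InMemoryFuzzer(START, END)` (hypothetical addresses taken from in-memory-break.py's output), then `run`; a signal stops the loop with the mutated input still in memory.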
This page will be updated soon...