How to taint file


dennis ulysses

Mar 20, 2015, 9:47:31 AM3/20/15
to bitblaz...@googlegroups.com
Hi,

I wrote a very simple program to test taint_file. The source code is below; it just reads a file and overflows the stack to trigger a crash.
#include <stdio.h>

int main(int argc, char **argv)
{
    /* The check below was in the original listing; detectioncond and
       DETECT_COND_TAINTEIP are tracecap-internal symbols that do not
       exist in a standalone program, so it is commented out here. */
    /*
    if (!(detectioncond & DETECT_COND_TAINTEIP))
    {
        printf("hello\n");
    }
    */
    char aaaa[8];                 /* 8-byte stack buffer */
    FILE *handle;
    handle = fopen("input.txt", "r");
    if (handle != NULL)
    {
        /* reads up to 19 bytes into an 8-byte buffer: the intended stack overflow */
        fgets(aaaa, 20, handle);
        fclose(handle);
    }
    return 0;
}

After building it, I put the sample and input.txt into qemu and ran these commands:
load_plugin tracecap/tracecap.so
enable_emulation
tracebyname taint_analysis_file.exe "/tmp/taint1.trace"
taint_file input.txt 0 1111
...
(execute taint_analysis_file.exe in qemu; the sample crashes due to the overflow)
...
trace_stop
Number of instructions decoded: 10244944
Number of operands decoded: 23090406
Number of instructions written to trace: 0
Number of tainted instructions written to trace: 0
Processing time: 37.272 U: 37.152 S: 0.12
Generating file: /tmp/taint1.trace.functions

Could anybody help explain why the number of tainted instructions is 0? Is anything wrong with how I am using TEMU's taint_file?

Great thanks!
