using dynamorio tracedump to study software vulnerabilities
111 views
Skip to first unread message
assembler
May 7, 2012, 2:32:25 AM5/7/12
to DynamoRIO Users
Hello,
I am experimenting with DynamoRio 3.1.0-4 for windows out-of-the-box
by playing with the drrun.exe tool. Im interested in using dynamorio
and its logging capabilities to study software vulnerabilities and
computer security in general. I would like to see a 'timeline' of
assembly instructions that led up to a given software vulnerability/
bug.
When i run the command "drrun.exe -syntax_intel -tracedump_text -
tracedump_origins -- calc.exe" it works great. It dumps out a ton of
x86 assembly information to view in a text file, listing threads,
basic blocks, etc etc.
However, when i run the same command against a c program i compiled
that causes a stack buffer overflow, which overwrites the return
address with eip 0x41414141 and causes an access violation, the log
file is empty.
"drrun.exe -syntax_intel -tracedump_text -tracedump_origins --
stackoverflow.exe"
What can i do to still have it save all the tracedump logging
information be saved? It seems that since the program is crashing
(what i want) that it doesnt save the logging output(doh!). I would
like to see the problem area of where the return address gets pushed
to the stack, then overwritten,etc.
Is dynamorio able to show any usefull debugging and logging
information out of the box with the tools drrun,drconfig,and drinject,
or would i have to write my own code for that?
Thanks
I am experimenting with DynamoRio 3.1.0-4 for windows out-of-the-box
by playing with the drrun.exe tool. Im interested in using dynamorio
and its logging capabilities to study software vulnerabilities and
computer security in general. I would like to see a 'timeline' of
assembly instructions that led up to a given software vulnerability/
bug.
When i run the command "drrun.exe -syntax_intel -tracedump_text -
tracedump_origins -- calc.exe" it works great. It dumps out a ton of
x86 assembly information to view in a text file, listing threads,
basic blocks, etc etc.
However, when i run the same command against a c program i compiled
that causes a stack buffer overflow, which overwrites the return
address with eip 0x41414141 and causes an access violation, the log
file is empty.
"drrun.exe -syntax_intel -tracedump_text -tracedump_origins --
stackoverflow.exe"
What can i do to still have it save all the tracedump logging
information be saved? It seems that since the program is crashing
(what i want) that it doesnt save the logging output(doh!). I would
like to see the problem area of where the return address gets pushed
to the stack, then overwritten,etc.
Is dynamorio able to show any usefull debugging and logging
information out of the box with the tools drrun,drconfig,and drinject,
or would i have to write my own code for that?
Thanks
Derek Bruening
May 7, 2012, 9:51:04 AM5/7/12
to dynamor...@googlegroups.com
Traces only capture hot code, and you want to see all code. You can run debug build with logging to dump all of the application code: "drrun -debug -loglevel 3 -- ".
- Derek
--
You received this message because you are subscribed to the Google Groups "DynamoRIO Users" group.
To post to this group, send email to dynamor...@googlegroups.com.
To unsubscribe from this group, send email to dynamorio-use...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/dynamorio-users?hl=en.
Reply all
Reply to author
Forward
0 new messages