
04.02.2026, 21:04
Newbie
Registered: 21.12.2025
Posts: 0
With us: 210647
Reputation: 0
The elementary basics are described. )
A powerful technique is data inheritance (taint analysis). The application is viewed not as a pile of code and APIs, but as the inheritance of a set of initial data, for example a buffer with a key. What remains in the data flow is the key-handling code.
Implementing it from scratch is quite hard: you have to handle the whole instruction set, and also data input via kernel APIs.
I used it on 32-bit with a custom DBI. I don't know what to do it with on 64-bit; judging by Google, there are existing builds:
Notable Pin-based Taint Analysis Tools
Several academic and open-source projects have developed DTA tools using the Intel Pin framework:
- libdft / libdft64: A widely used dynamic taint analysis library designed for the x86/x64 architectures. It is often integrated into other projects and provides the core logic for dynamic taint tracking.
- Angora: A mutation-based fuzzer that uses libdft64 for efficient taint tracking to solve path constraints and increase code coverage.
- DataTracker: Built on top of Pin and libdft, DataTracker is used for collecting high-fidelity data provenance from unmodified Linux programs.
- Dyton: A DTA-based malware analysis tool that uses Pin to provide an API where users can configure data sources and sinks to track information flow.
- PIN-Taint-check: A C++ application that uses the Pin API to perform taint-checking on bytes from user input, primarily to detect buffer overflow vulnerabilities by validating return addresses.
- Pin-based Constant Execution Checker (Pin-based CEC): This tool uses taint analysis to help identify if differences in execution or memory access patterns are dependent on "secret" or tainted data, aiding in security analysis.
- podft: A hybrid taint tracking framework that combines static analysis with a dynamic Pin-based tracker to accelerate the analysis process.
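The post describes taint analysis in one paragraph: mark a key buffer as the source, and the instructions that touch key-derived data fall out of the data flow. The following is an added illustration of that mechanism, not code from the post or from any of the Pin-based tools it lists. It runs a tiny constructed instruction set (mov/movi/load/store/xor/add, four registers, 64 bytes of memory) with a shadow taint bit per byte and per register; every instruction whose inputs were tainted is recorded, so the trace is exactly the key-handling code. It also handles the `xor r, r` zeroing idiom, where a naive "output tainted if either input is" rule would wrongly keep the register tainted after its value has become a constant. The ISA, memory layout, program and sample key are all constructed for the example.

```python
"""Toy dynamic taint tracker: marks a key buffer as the taint source and
records which instructions of a tiny constructed ISA consume that taint."""
from dataclasses import dataclass, field

# Memory layout of the constructed example (arbitrary addresses).
KEY_ADDR, PT_ADDR, CT_ADDR, SCRATCH = 0, 16, 32, 48
MEM_SIZE = 64


@dataclass
class Machine:
    mem: bytearray = field(default_factory=lambda: bytearray(MEM_SIZE))
    mem_taint: list = field(default_factory=lambda: [False] * MEM_SIZE)  # shadow bit per byte
    regs: dict = field(default_factory=lambda: {f"r{i}": 0 for i in range(4)})
    reg_taint: dict = field(default_factory=lambda: {f"r{i}": False for i in range(4)})
    trace: list = field(default_factory=list)  # (pc, instr) whose inputs were tainted

    def taint_source(self, start, length):
        """Declare a memory range (here: the key buffer) as the taint source."""
        for a in range(start, start + length):
            self.mem_taint[a] = True


def step(m, pc, ins):
    """Execute one instruction and propagate taint alongside the value."""
    op = ins[0]
    if op == "movi":                       # r = imm: a constant is never tainted
        _, r, imm = ins
        m.regs[r], m.reg_taint[r] = imm & 0xFF, False
        return
    if op == "xor" and ins[1] == ins[2]:   # xor r, r: zeroing idiom, result is the constant 0
        m.regs[ins[1]], m.reg_taint[ins[1]] = 0, False
        return
    if op == "load":                       # r = mem[addr]: taint travels with the byte
        _, r, addr = ins
        tainted = m.mem_taint[addr]
        m.regs[r], m.reg_taint[r] = m.mem[addr], tainted
    elif op == "store":                    # mem[addr] = r
        _, addr, r = ins
        tainted = m.reg_taint[r]
        m.mem[addr], m.mem_taint[addr] = m.regs[r], tainted
    elif op == "mov":                      # rd = rs
        _, rd, rs = ins
        tainted = m.reg_taint[rs]
        m.regs[rd], m.reg_taint[rd] = m.regs[rs], tainted
    elif op in ("xor", "add"):             # binary op: output tainted if either input is
        _, rd, rs = ins
        tainted = m.reg_taint[rd] or m.reg_taint[rs]
        if op == "xor":
            m.regs[rd] ^= m.regs[rs]
        else:
            m.regs[rd] = (m.regs[rd] + m.regs[rs]) & 0xFF
        m.reg_taint[rd] = tainted
    else:
        raise ValueError(f"unknown op {op!r}")
    if tainted:                            # this instruction consumed key-derived data
        m.trace.append((pc, ins))


def build_program(n):
    """Constructed program: XOR the key into a plaintext, then unrelated bookkeeping."""
    prog = []
    for i in range(n):
        prog += [("load", "r0", KEY_ADDR + i), ("load", "r1", PT_ADDR + i),
                 ("xor", "r1", "r0"), ("store", CT_ADDR + i, "r1")]
    prog += [("movi", "r2", 7), ("movi", "r3", 1), ("add", "r2", "r3"),   # never sees the key
             ("store", SCRATCH, "r2"),
             ("xor", "r0", "r0"), ("store", SCRATCH + 1, "r0")]           # r0 zeroed: taint must drop
    return prog


def run(program, key, plaintext):
    """Load key and plaintext, mark the key as the source, execute to the end."""
    m = Machine()
    m.mem[KEY_ADDR:KEY_ADDR + len(key)] = key
    m.mem[PT_ADDR:PT_ADDR + len(plaintext)] = plaintext
    m.taint_source(KEY_ADDR, len(key))
    for pc, ins in enumerate(program):
        step(m, pc, ins)
    return m


def key_handling_pcs(m):
    """Program counters of the instructions that consumed key-derived data."""
    return [pc for pc, _ in m.trace]


if __name__ == "__main__":
    key, pt = b"\x0a\x0b\x0c\x0d", b"abcd"          # constructed sample input
    m = run(build_program(len(key)), key, pt)
    for pc, ins in m.trace:
        print(f"pc={pc:2d} {ins}")
    print("tainted output bytes:", m.mem_taint[CT_ADDR:CT_ADDR + 4])
```

The trace lists only the load/xor/store triples that carry the key into the ciphertext; the counter bookkeeping and the store after `xor r0, r0` are absent, and the ciphertext bytes end up with their shadow bits set while the scratch bytes do not. A real DBI-based tracker does the same bookkeeping for every instruction form of the target architecture, plus the kernel entry points that first bring untrusted data into memory, which is the part the post calls hard to do from scratch.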