Vulnerability Development mailing list archives

Re: Analyze binary for holes


From: Gerardo Richarte <gera () corest com>
Date: Mon, 11 Aug 2003 19:09:40 -0300

Peter Bondra wrote:

Hello
I am interested in how you may go about analyzing a binary file to determine potential format string or buffer overflow holes.

The platforms I am testing are: SunOs Solaris 2.7/8/9(SPARC) and Windows NT/2000/XP.

        You may want to take a look at http://sourceforge.net/projects/bugscam.
I never tried it, but I know its main developer, Mr. Halvar Flake. He's very
well known and respected when it comes to reverse engineering. Anyway, remember,
always remember, that any tool is only good in the hands of somebody who can
use it... I mean, no tool will find all the bugs, tools will only, hopefully,
make auditor's life easier... unless you are only interested in finding some
bugs, and not all.

        Oh, uhm... you will need IDApro (http://www.datarescue.com), but if
you are going to analyze binary files you'll need it anyway.

        gera

PS: from
BugScam Readme

This is the preliminary readme file for BugScam.
BugScam is a collection of scripts for the commercial debugger IDA Pro
(http://www.datarescue.com) that will scan a given binary for problematic
uses of certain library functions (e.g. strcpy etc) and generate a nice
output file (HTML so far, LaTeX soon). Its release was inspired by the
fact that I had libaudit.idc (the "core" engine) lying on my hard disk
since early 2001, and never thought someone would bother with something
this simple -- but now in 2003 one can find commercial products
with almost identical functionality on the Web, and as such I decided to
release this as OpenSource.
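To illustrate the kind of check the readme describes (flagging calls to risky library functions such as strcpy in a disassembled binary), here is an added example that is not part of the thread and not BugScam's own code. It scans a constructed objdump-style listing rather than an IDA database, attributes each risky call to the function containing it, and leaves bounded variants such as strncpy alone; the listing, the function names and the set of flagged callees are all assumptions chosen for the demonstration.

```python
import re

# Constructed objdump -d style listing used as sample input (not a real binary).
SAMPLE_LISTING = """
0000000000401136 <parse_name>:
  401136:  55                    push   %rbp
  40113d:  e8 ee fe ff ff        call   401030 <strcpy@plt>
  401150:  e8 db fe ff ff        call   401040 <printf@plt>
  401160:  c3                    ret

0000000000401170 <main>:
  401170:  55                    push   %rbp
  401180:  e8 bb fe ff ff        call   401050 <gets@plt>
  401190:  e8 ab fe ff ff        call   401060 <strncpy@plt>
  4011a0:  c3                    ret
"""

# Library calls worth a closer look, with the bug class each one is known for.
# This set is an assumption for the example; a real audit list would be larger.
UNSAFE_FUNCS = {
    "strcpy": "unbounded copy into destination buffer",
    "strcat": "unbounded append into destination buffer",
    "sprintf": "unbounded formatted write into destination buffer",
    "gets": "reads an unbounded line into destination buffer",
    "printf": "format string bug if the format argument is not a literal",
    "syslog": "format string bug if the format argument is not a literal",
}

# "0000000000401136 <parse_name>:" marks the start of a function.
FUNC_HDR = re.compile(r"^[0-9a-f]+ <(?P<name>[^>]+)>:\s*$")
# "call   401030 <strcpy@plt>" -> target symbol with any @plt suffix stripped.
CALL = re.compile(
    r"^\s*(?P<addr>[0-9a-f]+):.*\bcall\s+[0-9a-f]+ <(?P<target>[^>@]+)(?:@plt)?>"
)


def scan_listing(text):
    """Return one finding per call to a function in UNSAFE_FUNCS.

    Each finding records the enclosing function, the call site address,
    the callee and why it was flagged, so an auditor can jump straight to it.
    """
    findings = []
    current = None  # name of the function whose body we are currently reading
    for line in text.splitlines():
        hdr = FUNC_HDR.match(line)
        if hdr:
            current = hdr.group("name")
            continue
        call = CALL.match(line)
        if call and call.group("target") in UNSAFE_FUNCS:
            callee = call.group("target")
            findings.append({
                "function": current,
                "addr": call.group("addr"),
                "callee": callee,
                "reason": UNSAFE_FUNCS[callee],
            })
    return findings


def summarize(findings):
    """Count flagged call sites per enclosing function (dict: name -> count)."""
    counts = {}
    for f in findings:
        counts[f["function"]] = counts.get(f["function"], 0) + 1
    return counts


def report(findings):
    """Render findings as plain-text lines, one per flagged call site."""
    return [
        f"{f['addr']}  {f['function']}() calls {f['callee']}: {f['reason']}"
        for f in findings
    ]


if __name__ == "__main__":
    results = scan_listing(SAMPLE_LISTING)
    for line in report(results):
        print(line)
    print("per-function totals:", summarize(results))
```

Every hit this produces is only a candidate: strcpy with a destination of known adequate size, or printf with a literal format, is not a bug, which is the point Gera makes above about tools merely making the auditor's job easier. A practitioner would follow each reported address into the disassembly to check how the destination buffer and the format argument are actually derived.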

