How to find vulnerabilities in stripped binaries?

watchintv · 10-29-2016, 12:43 AM

Quote:

Originally Posted by rtmistler

Uninitialized memory is memory which doesn't have any particular data in it, was not specifically cleared, or set to a particular pattern. Thus the contents are usually random, or also remnants from other prior use.

And where is uninitialized memory referenced? In the binary? I know it may seem like a stupid question but im still trying to figure this whole memory layout correctly.

rtmistler · 10-29-2016, 01:48 AM

When a program allocates memory. Hard to know of that when you don't have the source.

watchintv · 10-29-2016, 01:53 AM

Quote:

Originally Posted by rtmistler

When a program allocates memory. Hard to know of that when you don't have the source.

"Hard to know of that when you don't have the source." What do you mean? I think I know what you mean, but just for clarification.

rtmistler · 10-29-2016, 10:59 AM

Quote:

Originally Posted by watchintv

"Hard to know of that when you don't have the source." What do you mean? I think I know what you mean, but just for clarification.

Please share what you're thinking is and I'll try to continue explaining it relative to what your experience level seems to be.

watchintv · 10-29-2016, 01:21 PM

Quote:

Originally Posted by rtmistler

Please share what you're thinking is and I'll try to continue explaining it relative to what your experience level seems to be.

Because you need the source code to see where memory is allocated. Am I on the right track or no? Please explain.

rtmistler · 10-29-2016, 08:58 PM

Yes, you have no idea if it is allocating memory versus has a bad pointer.

ntubski · 10-29-2016, 09:50 PM

Not sure that's true actually, even if you don't have the source, you can still see calls to system libraries. I think if you run with something like valgrind that intercepts malloc calls you could catch uninitialized reads even if you don't have the source.