lectures.alex.balgavy.eu

Lecture notes from university.

dynamic-data-excavation.md (812B)


+++
title = 'Dynamic data excavation'
+++
# Dynamic data excavation
Data in a binary looks unstructured, but the way the code uses it is not.

Track pointers: identify root pointers, then track how other pointers are derived from them.

For arrays, look for accesses made in loops.

Type resolution points:
- system calls: assign types to the parameter-passing registers (ebx, ecx, edx, esi, edi, ebp) and to the return value in eax
- standard library calls: assign types to the corresponding arguments and return value

Data-flow tracking:
- use shadow memory to keep variable attributes and track their propagation

## BinArmor
- find arrays in binary programs
- find accesses to arrays
- rewrite the binary:
    - assign a color to each array
    - check colors on every array access
- if a pointer that first pointed into an array later accesses an area outside that array, crash

Can protect legacy binaries.
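
The color check from the BinArmor list, modeled in C as an added example (this is not BinArmor's code and not from the lecture). The arena layout, the color values and every function name are assumptions made for illustration; the notes describe the checks as added by rewriting the binary, while here they are explicit calls.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define ARENA_SIZE 64
static uint8_t arena[ARENA_SIZE];   /* program memory (constructed) */
static uint8_t shadow[ARENA_SIZE];  /* shadow memory: one color per byte, 0 = no array */

/* A pointer plus the color it got when it first pointed into an array. */
typedef struct { size_t addr; uint8_t color; } colored_ptr;

/* An array found by the analysis: paint its bytes with its color. */
static void color_array(size_t base, size_t len, uint8_t color) {
    memset(&shadow[base], color, len);
}

/* Root pointer (addr < ARENA_SIZE): takes the color of the array it points into. */
static colored_ptr root_ptr(size_t addr) {
    colored_ptr p = { addr, shadow[addr] };
    return p;
}

/* Derived pointer p + off: the address changes, the color is inherited. */
static colored_ptr ptr_add(colored_ptr p, ptrdiff_t off) {
    p.addr = (size_t)((ptrdiff_t)p.addr + off);
    return p;
}

/* Store with the color check; -1 marks where the rewritten binary would crash. */
static int checked_store(colored_ptr p, uint8_t v) {
    if (p.addr >= ARENA_SIZE || shadow[p.addr] != p.color) return -1;
    arena[p.addr] = v;
    return 0;
}

/* Loop over n elements from base; returns how many stores passed the check. */
static size_t fill(size_t base, size_t n, uint8_t v) {
    colored_ptr root = root_ptr(base);
    size_t i;
    for (i = 0; i < n; i++)
        if (checked_store(ptr_add(root, (ptrdiff_t)i), v) != 0) break;
    return i;
}

int main(void) {
    color_array(0, 16, 1);   /* constructed layout: buf[16] followed by other[8] */
    color_array(16, 8, 2);
    printf("in bounds: %zu, overflow attempt: %zu\n", fill(0, 16, 'A'), fill(0, 20, 'B'));
    return 0;
}
```

The 20-element loop stops after 16 stores: the derived pointer still carries color 1, but the byte at offset 16 is painted with color 2, so the adjacent array is never written.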