Presentation is loading. Please wait.

Presentation is loading. Please wait.

Malware and Software Vulnerability Analysis Q&A of Fuzzing Programming Project 2 Cliff Zou University of Central Florida.

Published bySherman Fields Modified over 5 years ago

Similar presentations

Presentation on theme: "Malware and Software Vulnerability Analysis Q&A of Fuzzing Programming Project 2 Cliff Zou University of Central Florida."— Presentation transcript:

1 Malware and Software Vulnerability Analysis Q&A of Fuzzing Programming Project 2 Cliff Zou University of Central Florida

2 Manual Bugs Added Original code is a C++ code: ‘jpg2bmp.cpp’
All 8 bugs are segmentation fault (11) or illegal instruction fault (6) added manually by me with the following code: int (*foo)(void);   /* function pointer definition */ ....      fprintf(stderr, "Bug #2 triggered.\n");      int (*foo)(void) = (int (*)(void))0xbffbffff;      foo();  /* this will trigger illegal instruction fault */    They are added in places where the program processes the image parameters

3 Input Processing Question: I understand the concept of fuzzing and I am clear about the example program discussed in class. However the project assignment is totally different in that the input needs to be a file instead of argv[], and we need to record down modified image file that causes crash instead of simply printf() in the example. I am not clear as to how to do that !

4 Input Processing Answer: Your fuzzer program needs to use the given 'cross.jpg' image file to generate a mutated jpg file, say 'test.jpg‘, to feed it to jpg2bmp for execution: Open & read the 'cross.jpg' file as binary format file In C code it could be:  fin = fopen("./cross.jpg", "rb"); fout = fopen("./test.jpg", "wb");  Read the 'cross.jpg' file as byte stream into a character array variable buff[] you defined. Make sure the char array variable has enough space to hold the image file.

5 Input Processing Modify this character array variable buff[] in whatever way you want (mutation). You don't need to know the structure of JPEG format since we are doing mutation-based fuzzing, which does not assume you to know any format of the input Write this character array variable back to the ‘test.jpg’ file.   Execute jpg2bmp to process the ‘test.jpg’ file, such as: char comBuf[200]; sprintf(comBuf, "./jpg2bmp test.jpg temp.bmp"); ret = system(comBuf); In C code, the reading/writing file can use fread(), fwrite() functions, or any other C file operation functions.

6 Automatic File Name Creation
Question: I am looking for a way in which I could save each input image that triggers each bug, instead of just saving the last one crashing image. So how can I read from the command prompt to check for the Bug number? Question: If I generated 10,000 mutated image files for the fuzzing test, will I need to save all of them? How do I just save image files that cause crash? How do I know which bug is triggered by each crashing image?

7 Automatic File Name Creation
Answer: All "Bug #x triggered" messages are printed out in Stderr, which is hard to read as the fuzzer keeps running and generating Stderr output. A simpler, not intelligent way is:  keep a counter variable n to increase by 1 when a crash (segmentation fault) happens, then save the image file which causes this crash with the file name as fileName = 'crashed-n.jpg' and fprintf(stderr, "file %s is generated\n", fileName);  so that this crash number appeared right after the system output print of "Bug #x triggered“ in stderr.   So after fuzzing test produces, for example, 1000 crashes,  my fuzzer has produced 1000 crashed-x.jpg image files under the current directory. Then I can check the Stderr output (redirected and saved to a text file) to see which Bug number produces which crashed-n.jpg.

8 Automatic File Name Creation
It is easy to generate a variable file name. Such as: char fileName[30]; int n; .... sprintf(fileName, "crashed-%d.jpg", n); fout = fopen(fileName, "wb");

9 Unlabeled Bugs Besides the 8 manually added bug, the original code has an additional segmentation fault bug This is a real bug in the original code! But this bug will not be counted as one of the 7 out of 8 bugs required to be discovered.

10 Completeness Question: Hi Professor, Can you give any hints for how to find Bugs 3 and 6? I found all others multiple times but not these two? Answer: You can modify your fuzzer code with different ways in mutating the cross.jpg file, and then test the new fuzzer code with another round of, for example, 1000 mutated image files. Mutation Ways: Change one byte at a random location to a random value. Change m consecutive bytes at a random location to all zero. Change m bytes at m random locations to value 255. …….

Download ppt "Malware and Software Vulnerability Analysis Q&A of Fuzzing Programming Project 2 Cliff Zou University of Central Florida."

Similar presentations

R4 Dynamically loading processes. Overview R4 is closely related to R3, much of what you have written for R3 applies to R4 In R3, we executed procedures.

R4 Dynamically loading processes. Overview R4 is closely related to R3, much of what you have written for R3 applies to R4 In R3, we executed procedures.
What is a pointer? First of all, it is a variable, just like other variables you studied So it has type, storage etc. Difference: it can only store the.

What is a pointer? First of all, it is a variable, just like other variables you studied So it has type, storage etc. Difference: it can only store the.
CSSE221: Software Dev. Honors Day 28 Announcements Announcements Simulation grades coming back Simulation grades coming back All C Projects due Friday.

CSSE221: Software Dev. Honors Day 28 Announcements Announcements Simulation grades coming back Simulation grades coming back All C Projects due Friday.
Homework Reading Programming Assignments

Homework Reading Programming Assignments
Topics Introduction Hardware and Software How Computers Store Data

Topics Introduction Hardware and Software How Computers Store Data
CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2011.

CAP6135: Malware and Software Vulnerability Analysis Buffer Overflow : Example of Using GDB to Check Stack Memory Cliff Zou Spring 2011.
IPC144 Introduction to Programming Using C Week 1 – Lesson 2

IPC144 Introduction to Programming Using C Week 1 – Lesson 2
CP104 Introduction to Programming File I/O Lecture 33 __ 1 File Input/Output Text file and binary files File Input/output File input / output functions.

CP104 Introduction to Programming File I/O Lecture 33 __ 1 File Input/Output Text file and binary files File Input/output File input / output functions.
File Handling Spring 2013Programming and Data Structure1.

File Handling Spring 2013Programming and Data Structure1.
Testing and Debugging Version 1.0. All kinds of things can go wrong when you are developing a program. The compiler discovers syntax errors in your code.

Testing and Debugging Version 1.0. All kinds of things can go wrong when you are developing a program. The compiler discovers syntax errors in your code.
22. FILE INPUT/OUTPUT. File Pointers and Streams Declarations of functions that perform file I/O appear in. Each function requires a file pointer as a.

22. FILE INPUT/OUTPUT. File Pointers and Streams Declarations of functions that perform file I/O appear in. Each function requires a file pointer as a.
Automatic Diagnosis and Response to Memory Corruption Vulnerabilities Presenter: Jianyong Dai Jun Xu, Peng Ning, Chongkyung Kil, Yan Zhai, Chris Bookhot.

Automatic Diagnosis and Response to Memory Corruption Vulnerabilities Presenter: Jianyong Dai Jun Xu, Peng Ning, Chongkyung Kil, Yan Zhai, Chris Bookhot.
Topics 1.File Basics 2.Output Formatting 3.Passing File Stream Objects to Functions 4.More Detailed Error Testing 5.Member Functions for Reading and 6.Writing.

Topics 1.File Basics 2.Output Formatting 3.Passing File Stream Objects to Functions 4.More Detailed Error Testing 5.Member Functions for Reading and 6.Writing.
File IO and command line input CSE 2451 Rong Shi.

File IO and command line input CSE 2451 Rong Shi.
Chapter 8 File-Oriented Input and Output. 8.1 INTRODUCTION a file can also be designed to store data. We can easily update files, A data file as input.

Chapter 8 File-Oriented Input and Output. 8.1 INTRODUCTION a file can also be designed to store data. We can easily update files, A data file as input.
Overflow Examples 01/13/2012. ACKNOWLEDGEMENTS These slides where compiled from the Malware and Software Vulnerabilities class taught by Dr Cliff Zou.

Overflow Examples 01/13/2012. ACKNOWLEDGEMENTS These slides where compiled from the Malware and Software Vulnerabilities class taught by Dr Cliff Zou.
1 File Handling. 2 Storage seen so far All variables stored in memory Problem: the contents of memory are wiped out when the computer is powered off Example:

1 File Handling. 2 Storage seen so far All variables stored in memory Problem: the contents of memory are wiped out when the computer is powered off Example:
Introduction to Systems Programming (CS 0449) C Preprocessing Makefile File I/O.

Introduction to Systems Programming (CS 0449) C Preprocessing Makefile File I/O.
Objective Explain basic fuzzing with concrete coding example

Objective Explain basic fuzzing with concrete coding example
CMPSC 16 Problem Solving with Computers I Spring 2014 Instructor: Lucas Bang Lecture 11: Pointers.

CMPSC 16 Problem Solving with Computers I Spring 2014 Instructor: Lucas Bang Lecture 11: Pointers.

Similar presentations

Ads by Google