
snorez / srcinv

License: GPL-3.0
source code audit tool

Programming Languages

C++, C, Makefile

Projects that are alternatives of or similar to srcinv

Kafl
Code for the USENIX 2017 paper: kAFL: Hardware-Assisted Feedback Fuzzing for OS Kernels
Stars: ✭ 486 (+980%)
Mutual labels:  kernel, fuzzing
Difuze
Fuzzer for Linux Kernel Drivers
Stars: ✭ 285 (+533.33%)
Mutual labels:  kernel, fuzzing
Syzkaller
syzkaller is an unsupervised coverage-guided kernel fuzzer
Stars: ✭ 3,841 (+8435.56%)
Mutual labels:  kernel, fuzzing
Paper collection
Academic papers related to fuzzing, binary analysis, and exploit dev, which I want to read or have already read
Stars: ✭ 710 (+1477.78%)
Mutual labels:  kernel, fuzzing
Fisy Fuzz
This is the full file system fuzzing framework that I presented at the Hack in the Box 2020 Lockdown Edition conference in April.
Stars: ✭ 110 (+144.44%)
Mutual labels:  kernel, fuzzing
Kafl
A fuzzer for full VM kernel/driver targets
Stars: ✭ 204 (+353.33%)
Mutual labels:  kernel, fuzzing
Cfb
Canadian Furious Beaver is a tool for hijacking IRP handlers in Windows drivers and facilitating the process of analyzing Windows drivers for vulnerabilities
Stars: ✭ 146 (+224.44%)
Mutual labels:  kernel, fuzzing
MsFontsFuzz
OpenType font file format fuzzer for Windows
Stars: ✭ 49 (+8.89%)
Mutual labels:  kernel, fuzzing
linux kernel wiki
Linux kernel study materials: 200+ classic kernel articles, 100+ kernel papers, 50+ kernel projects, 500+ kernel interview questions, 80+ kernel videos
Stars: ✭ 1,653 (+3573.33%)
Mutual labels:  kernel
slabdbg
GDB plug-in that helps exploiting the Linux kernel's SLUB allocator
Stars: ✭ 55 (+22.22%)
Mutual labels:  kernel
Kirenenko
Super Fast Concolic Execution Engine based on Source Code Taint Tracing
Stars: ✭ 84 (+86.67%)
Mutual labels:  fuzzing
imongo
A MongoDB kernel for Jupyter
Stars: ✭ 51 (+13.33%)
Mutual labels:  kernel
discord-audit-log-bot
A Discord bot that extends Discord's native Audit Log.
Stars: ✭ 109 (+142.22%)
Mutual labels:  audit
bpflock
bpflock - eBPF driven security for locking and auditing Linux machines
Stars: ✭ 54 (+20%)
Mutual labels:  kernel
emmutaler
A set of tools for fuzzing SecureROM. Managed to find and trigger checkm8.
Stars: ✭ 126 (+180%)
Mutual labels:  fuzzing
FuSeBMC
FuSeBMC is a novel Energy-Efficient Test Generator that exploits fuzzing and BMC engines to detect security vulnerabilities in real-world C programs.
Stars: ✭ 26 (-42.22%)
Mutual labels:  fuzzing
healer
Kernel fuzzer inspired by Syzkaller.
Stars: ✭ 194 (+331.11%)
Mutual labels:  fuzzing
keras qa based question selection
Keras-Based LSTM Conv model for Question Selection
Stars: ✭ 24 (-46.67%)
Mutual labels:  qa
Detect-CVE-2017-15361-TPM
Detects Windows and Linux systems with enabled Trusted Platform Modules (TPM) vulnerable to CVE-2017-15361. #nsacyber
Stars: ✭ 34 (-24.44%)
Mutual labels:  audit
pwru
Packet, where are you? -- Linux kernel networking debugger
Stars: ✭ 694 (+1442.22%)
Mutual labels:  kernel

SRCINV v0.6

SRCINV is a source code audit tool. Tested on linux-5.3.y with gcc 8.3.0, for both vmlinux and a single module.

Two branches: master and dev

Implementation English doc

TODO

TODO list

How to fix a bug in SRCINV

How-to-fix-a-bug-in-srcinv.txt

Build srcinv

Dependencies to build this project:

About SELF_CFLAGS in the main Makefile:

  • CLIB_PATH: path to clib
  • SRCINV_ROOT: path to srcinv
  • GCC_PLUGIN_INC: path to the gcc plugin headers folder
  • CONFIG_ANALYSIS_THREAD: how many threads to use when parsing the resfile
  • CONFIG_DEBUG_MOODE: output more messages
  • HAVE_CLIB_DBG_FUNC: multi-thread backtrace support
  • USE_NCURSES: use ncurses to show the detail of each phase
  • Wno-packed-not-aligned: not used
  • fno-omit-frame-pointer: not used
  • CONFIG_THREAD_STACKSZ: stack size of each parsing thread
  • CONFIG_ID_VALUE_BITS: bits used to represent the value of an siid
  • CONFIG_ID_TYPE_BITS: bits used to represent the type of an siid
  • CONFIG_SRC_BUF_START: start of the src memory area (the global si pointer)
  • CONFIG_SRC_BUF_BLKSZ: size by which the src memory area grows on each expansion
  • CONFIG_SRC_BUF_END: end of the src memory area
  • CONFIG_RESFILE_BUF_START: start of the resfile area, where the resfile is loaded
  • CONFIG_RESFILE_BUF_SIZE: size by which the resfile area grows on each expansion
  • CONFIG_SI_PATH_MAX: maximum length of a src path
  • CONFIG_SRC_ID_LEN: length of a src id
  • CONFIG_MAX_OBJS_PER_FILE: maximum number of objects collected for each source file
  • CONFIG_MAX_SIZE_PER_FILE: maximum size for each source file
  • CONFIG_SAVED_SRC: the filename under which the src content is saved
  • GCC_CONTAIN_FREE_SSANAMES: set if you want to collect the freed ssanames

Run make and make install

Usage

NOTE: you should modify config/module.json before using a specific module. For example, if you write a new module for hacking, add it to the config/module.json file before running it.

I HIGHLY RECOMMEND doing all six steps until you get the src.saved file. I still cannot figure out why it fails when I try to skip STEP1, so I have put that on the TODO list.

  • collect: Do this in the target project's root directory, not the srcinv root.

    • Each make should generate only ONE executable file.
    • For a project that generates more than one executable file, you need to modify the Makefile(s) and generate them one by one.
    • Example, for the linux kernel:
      • make mrproper
      • make localmodconfig to prepare the .config file
      • make EXTRA_CFLAGS+='-fplugin=/path/to/srcinv/collect/c.so -fplugin-arg-c-output=/path/to/srcinv/tmp/xxx/resfile' vmlinux -jx to generate the builtin resfile
      • make EXTRA_CFLAGS+='-fplugin=/path/to/srcinv/collect/c.so -fplugin-arg-c-output=/path/to/srcinv/tmp/xxx/tty.resfile' -C . M=drivers/tty/ modules to get the tty module resfile
  • analysis: in the srcinv root directory, run ./si_core

    • load_srcfile xxx, where xxx is the folder under srcinv/tmp into which you just put the resfile(s)
    • analysis: enter analysis mode
    • help: list supported commands
    • parse resfile 1 1 0: the first 1 is set for a kernel project, the second 1 is set for the core (for the linux kernel this is vmlinux; use 0 for tty.resfile). You can also parse the resfile by running:
      • parse resfile 1 1 1
      • parse resfile 1 1 2
      • parse resfile 1 1 3
      • parse resfile 1 1 4
      • parse resfile 1 1 5
      • parse resfile 1 1 6
  • hacking: do anything you want to do

    • in SRCINV> mode, run hacking
    • help: list supported commands

Screenshots of parsing the linux kernel (images not reproduced here): step_1_0, step_1_1, step_1_2, step_1_3, step_1_4, step_2_0, step_2_1, step_3_0, step_3_1, step_3_2, step_3_3, step_4_0, step_4_1, step_5_0, step_5_1, step_5_2, step_6_0, indcfg_0, indcfg_1

LICENSE

This project is under the GPL v3 license. See LICENSE for more details.
