Basic Binary Auditing (step 1)

When we analyse the source code for vulnerabilities, it takes lot of time to find the sign extension issues and other related issues. But binary point it out very clearly. What i usually do is, i download the source code and build it and load the binary and PDB files into the IDA Pro and run a python script to get the list of places “possible” vulnerabilities exists. Then i will go back to the source code and see whether the particular points are vulnerable or not. Note that whatever listed by this script are not vulnerable points. It just tells you , there “may be” some vulnerabilities at this point.

import idc,sys
from idaapi import *

def translate_color (color):
    if (color == "red"):
        color_code = 0x2020c0;
    elif (color == "blue"):
        color_code = 0xc02020;
    elif (color == "green"):
        color_code = 0x208020;
    elif (color == "orange"):
        color_code = 0x5493E1;
    elif (color == "yellow"):
        color_code = 0x54DFE1;
        #Message("Unrecognized color. Currently supports red, green, blue, orange, yellow or custom via #RRGGBB.\n");
        color_code = 0xffffff
    return color_code;

def colour_this(ea, color):
    color_code = translate_color(color);
    SetColor(ea, CIC_ITEM, color_code);

for seg_ea in Segments():
    #print SegName(seg_ea)
    print "Starting";
    if SegName(seg_ea) == ".text":
        for head in Heads(seg_ea, SegEnd(seg_ea)):
            if isCode(GetFlags(head)):
                if mne.startswith("movsx"):
                    print "EA: 0x%-16x, disasm: %-60s , func: %s" % (head,GetDisasm(head),GetFunctionName(head))
                    colour_this(head, "red")
                if mne.startswith("sar"):
                    print "EA: 0x%-16x, disasm: %-60s , func: %s" % (head,GetDisasm(head),GetFunctionName(head))
                    colour_this(head, "yellow")
                if mne.startswith("idiv"):
                    print "EA: 0x%-16x, disasm: %-60s , func: %s" % (head,GetDisasm(head),GetFunctionName(head))
                    colour_this(head, "green")

    print "Done";

This entry was posted in Binary Auditing, IDA Pro and tagged , , , , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s