dr_checker icon indicating copy to clipboard operation
dr_checker copied to clipboard

Published 20 hours ago verified publisher icon ucsb-seclab

How can I use dr_checker to do common static analysis?

Open tomgu1991 opened this issue 7 years ago • 2 comments

Hi,

Well, it is interesting to use this tool to analyze vulnerabilities in drivers. But can I use it for common static analysis?

Basically, I have a single file with a makefile file. Can I use dr_checker to detect vulnerabilities? Furthermore, I have a buildable project with a makefile.

Can anyone show me the detail steps?

Thanks!

tomgu1991 avatar Sep 26 '17 10:09 tomgu1991

As of now, DR.CHECKER is customized to analyzing the kernel code. We may in near future ( ~ 1 month) release a general purpose taint based vulnerability finding tool based on the DR.CHECKER principles.

However, you can give it a try. Following are the two places you can start with:

  1. Look into KernelCustomizations for the specific changes we made to analyze kernel drivers.
  2. Look into SoundyAliasAnalysis.cpp to know, How we start the tainting process for each entry point.

Machiry avatar Sep 27 '17 17:09 Machiry

Hey,@Machiry

When will the general vulnerabilities detection version be released?

I also want to use dr_checker to detect vulnerabilities in my project which is written by C with makefile.

Thank you.

ch1dyc4t avatar Mar 08 '18 06:03 ch1dyc4t