In previous blogs, I’ve talked about using code coverage as one metric for assessing the effectiveness of fuzzing. While protocol specifications and application definitions can be used for fuzzing, the interdependencies of fields and messages within protocols, including state, are not always obvious. For example, when looking at the telnetd source, it’s pretty obvious that you need to send 4 or 5 primary telnet options before the server will enter the main loop. Or the fact that no matter what you do with the XDISPLAYLOC telnet option, you are wasting time since the server simply passes this to setenv.
What we really need is an interactive way to look at code coverage to help us guide the development of a fuzzer. The goal here is not as much to get a concrete measurement about the coverage, but to help us better understand how the control flow works and how the protocol fields affect the control flow. It also helps us understand how some fields/messages up front affect the subsequent messages because of the dependencies in state, structure and semantics.
Various reverse engineering tools exist for compiled binaries including, IDA pro and Pai Mei. But when you have the source, why not use it? Lcov is another open source tool that generates coverage information from multiple runs of the target and it’s primary purpose is to provide top-line summaries of directories and files. However, it’s not interactive.
Rcov is a WEBrick application that uses the compile/runtime output generated by gcov, uses the browser for navigation (tested with Firefox and Safari), cross links the source using ctags and decorates the output using the runtime coverage data generated by the program under execution. You can think of this as a cross between Doxygen and lcov.
Once rcov is fired up with the root directory of the target’s source, it will first read the various gcda files generated by the compiler. It will then listen on localhost:8080 and you can point your browser to this URL. Run your fuzzer against the target and each time the target exits, the gcov compiled target will dump a bunch of gcno files. Refresh your browser window and you should see the source files updated with coverage information.
| Download | rcov-0.1.tar.gz |
| MD5 | 25d98bea9d8d33bb471df89b21a58b3b |
| License | BEER-WARE |
Screen shots:
#1 code coverage
#2 ctags lookup
More information in the README.txt included in the distribution. And yeah, the ‘r’ in rcov is for ruby.
Happy fuzzing.
Pingback: Internet Security and Programming » Blog Archive » Code coverage and fuzzing
Pingback: Using code coverage to improve fuzzing results | The Software Nook
Pingback: cool caravans
Pingback: clothing
Pingback: swivelOutdoorBarStools
Pingback: craftsman cladding email
Pingback: guaranteed rankings
Pingback: best supplements for muscle gain
Pingback: Dallas Marketing
Pingback: Siesta Key 2 Bedroom Vacation Rental
Pingback: All New Kia Picanto
Pingback: Dallas Wedding Photographers
Pingback: best seo blog
Pingback: Dallas Family Portrait Photographer
Pingback: pre workout supplements
Pingback: Vehicle Warranties
Pingback: Escort girl Paris
Pingback: Plumers Carlsbad
Pingback: Ramtha
Pingback: bodybuilding supplements
Pingback: San diego dentists
Pingback: best bcaa
Pingback: webcam chat
Pingback: simran possessed
Pingback: Phil Cannella
Pingback: Phil Cannella
Pingback: movie cast lists
Pingback: Cruises Deals
Pingback: flights to pakistan
Pingback: LED Lights
Pingback: noclegi zakopane
Pingback: womens handbags
Pingback: weight loss plan
Pingback: watch free movies online
Pingback: inkjet cartridges
Pingback: uzaktan egitim
Pingback: free apple ipad 3
Pingback: pozyczki chwilowki
Pingback: Atlanta Limo
Pingback: San Diego Luxury Rentals
Pingback: read more
Pingback: buy twitter
Pingback: Cary Leung Sun Life
Pingback: Interior Decorators Kansas City
Pingback: ingilizce kursu
Pingback: Hotel Offers
Pingback: Lucia Emiraz
Pingback: investment properties
Pingback: watch naruto
Pingback: website design
Pingback: Garden Stakes
Pingback: Arcadia Physical Therapy
Pingback: iphone
Pingback: Super Bowl Picks
Pingback: Best Treatment For Eczema
Pingback: Wedding photographers in Miami
Pingback: Credit Card Processing
Pingback: Project Payday
Pingback: eye floaters treatment
Pingback: best virgin remy hair extensions
Pingback: facebook smiley faces
Pingback: bingo game template
Pingback: touch phone
Pingback: Redlands apartments
Pingback: barmixerschule
Pingback: seo analysis
Pingback: e-cigs
Pingback: are omega 3 fish oil supplements expensive
Pingback: send flowerrs to sri lanka
Pingback: global domains international scam
Pingback: Montage Photo Gratuit
Pingback: Home Remedies for Acne
Pingback: tanie noclegi zakopane
Pingback: motels wildwood nj
Pingback: dating advice
Pingback: chest coach system
Pingback: how to start website
Pingback: lawn service marketing
Pingback: marijuana addiction
Pingback: Denver Electrician
Pingback: what is serotonin
Pingback: work at home
Pingback: hugeyields
Pingback: hobby toys
Pingback: pictures of girls
Pingback: giraffe bracing
Pingback: weight loss motivation
Pingback: coleman grills parts
Pingback: become a guy magnet by james scott
Pingback: haier portable air conditioner malaysia
Pingback: how to scrunch hair without frizz
Pingback: pain during intercourse after childbirth
Pingback: Blog filmy porno
Pingback: Online Calculators
Pingback: Home Laser Hair Removal
Pingback: los angeles property inspector
Pingback: joomla buch
Pingback: Scott Tucker Payday Loans
Pingback: Okna Pcv Mogilno
Pingback: Scott Tucker CBS
Pingback: Okna Gniezno
Pingback: BPO Companies
Pingback: check out my website
Pingback: Skirt Sports
Pingback: Coffee Packaging
Pingback: mold mitigation colorado springs
Pingback: Franchise Kids
Pingback: rack card printing
Pingback: hemi engine parts
Pingback: Website Hosting
Pingback: football speed
Pingback: find sex partner
Pingback: adult social network
Pingback: track and field training
Pingback: Composite Decks Pueblo CO
Pingback: seo san diego
Pingback: boise seo
Pingback: car insurance austin
Pingback: MORTGAGE
Pingback: genital warts in women
Pingback: car finance on credit
Pingback: business continuity
Pingback: melatonin schlafmittel
Pingback: maryland short sale attorney
Pingback: Auto Repair Aliso Viejo
Pingback: frostwire
Pingback: Herbal Smoking
Pingback: Air Conditioning Repairs
Pingback: Robert Shumake
Pingback: Go Tampa Pest Control
Pingback: Commercial Insurance Tampa
Pingback: recipes
Pingback: sugar daddie
Pingback: Bathroom Fittings
Pingback: sex webcam
Pingback: turism
Pingback: fitness business and marketing
Pingback: Painters in Denver
Pingback: waxless skis
Pingback: goals goals goals
Pingback: resume
Pingback: fraps full version download
Pingback: author
Pingback: skate ski boots
Pingback: pinoy channel
Pingback: localization
Pingback: club life
Pingback: prediksi togel
Pingback: best seinfeld episodes
Pingback: increase alexa rank
Pingback: Scott Tucker CBS
Pingback: Scott Tucker Racing
Pingback: Scott Tucker Racing
Pingback: escort girl paris
Pingback: Scott Tucker CBS
Pingback: Scott Tucker CBS
Pingback: just been paid facebook
Pingback: get paid advertising
Pingback: Kinky Curly Curling Custard
Pingback: marketing with anik review
Pingback: www.tracks-direct.com
Pingback: Vestiti da sposa Milano
Pingback: Video Presentations
Pingback: Fast SEO Results
Pingback: Montreal real estate photography
Pingback: how to burn the fat
Pingback: Dog Boarding Kennels For Sale
Pingback: Anwar Sadhe
Pingback: real estate
Pingback: overclocking software
Pingback: Marine performance parts
Pingback: merchant cash advance review
Pingback: merchant cash advance industry
Pingback: cam sex
Pingback: realistischer dildo
Pingback: Oakland sewer repair
Pingback: ferulic review
Pingback: Haley Mcleod
Pingback: Mrs Greenlief
Pingback: the haynes manual
Pingback: Fonda Hedgecock
Pingback: hemorrhoid treatment
Pingback: yoga for bodybuilders
Pingback: facebook video sexe
Pingback: Kompositfonster
Pingback: review japanese android
Pingback: Okna PCV Gniezno
Pingback: Okna Poznan
Pingback: Okna Poznan
Pingback: Hantelbank kaufen
Pingback: Okna Poznan
Pingback: Dachy
Pingback: classifieds
Pingback: Hyundai Visor Deflectors
Pingback: PCI
Pingback: photos sexe facebook
Pingback: EB1 Green Card
Pingback: Hyundai Window Deflectors
Pingback: live am telefon
Pingback: livecam mit girls
Pingback: Hyundai Tucson 2005- Headlights Cover
Pingback: Audi Q7 deflectors
Pingback: reputation management
Pingback: Ezequiel Minnis
Pingback: Chevrolet Lanos Window Deflectors
Pingback: unitedcashloans
Pingback: unitedcashloans.com
Pingback: colbert superpac
Pingback: Edu Backlinks in comments
Pingback: Pvc Nya
Pingback: Jailbreaking iPhone
Pingback: bowflex selecttech 552 dumbbells
Pingback: car insurance quotes
Pingback: bb guns
Pingback: protein bar
Pingback: myoplex
Pingback: social media management
Pingback: Oliver Kozinoga Traunreut
Pingback: wisdom teeth Beverly Hills
Pingback: Mens Yoga Clothing
Pingback: SEO Company San Diego
Pingback: Condit
Pingback: www.floridahomeinsurancequotes.com
Pingback: wasserkerne
Pingback: Scrapeboard
Pingback: hair salon santa monica
Pingback: gemstones
Pingback: ian calderon
Pingback: English spelling
Pingback: taylor swift concert dates
Pingback: north port tattoos
Pingback: men's motorcycle vests
Pingback: mujeres buscan hombres df
Pingback: joe rocket womens
Pingback: Dedicated Server
Pingback: Scrapebox VPS
Pingback: workers compensation
Pingback: this url
Pingback: www.searscard.com
Pingback: st george island beach house rental
Pingback: Suchmaschinenoptimierung
Pingback: discount code true nutrition
Pingback: pay day facts
Pingback: Alden Romaniak
Pingback: what is nopalea
Pingback: Bailbonds
Pingback: nicki minaj bio
Pingback: why I love skirts
Pingback: buy steroids
Pingback: jean skirt
Pingback: http://skirtsforwomen12.blogspot.com/
Pingback: Scrapebox
Pingback: white bunk beds
Pingback: blogging
Pingback: ankle length skirts
Pingback: VPS
Pingback: Buy Paper Milkshake Cups
Pingback: facebook fans samurai
Pingback: What Is Great
Pingback: more info
Pingback: black hat seo
Pingback: fashion clothing
Pingback: great skirts
Pingback: http://www.onlineinvestmentfund.com/page_custom.php?page=philosophy
Pingback: casque sans fil bluetooth
Pingback: flyttefirma
Pingback: game
Pingback: http://www.machineabiere.net/
Pingback: mobile cell tower
Pingback: commercial mailboxes
Pingback: glacière électrique
Pingback: mobile cell towers
Pingback: Recessed Toilet Paper Holder
Pingback: thank you for hpv
Pingback: hpv
Pingback: camescope hd
Pingback: indoor swimming pool
Pingback: michael
Pingback: Buy Silver Bullion
Pingback: white ceramic watches
Pingback: http://www.epilateurelectrique.net/
Pingback: Sell Gold Coins Online
Pingback: no no reviews
Pingback: no no
Pingback: wedding guests
Pingback: friteuse sans huile seb actifry
Pingback: http://www.montregps.org/
Pingback: http://www.rasoirelectrique.org/
Pingback: My Blog
Pingback: mini lave vaisselle 6 couverts
Pingback: disque dur interne
Pingback: click here
Pingback: weblando seo orlando
Pingback: tire online store
Pingback: dental implants
Pingback: http://www.piscineautoportante.net/
Pingback: bad credit mobile phones
Pingback: how to write a non-fiction book
Pingback: attorney auto accident llano ca
Pingback: http://www.sacochehomme.org/
Pingback: cocard merchant services