BugId - automated bug analysis
Category: Vulnerability Development
Summary: Whether you are looking for vulns, or handling vulns reported by others,
at some point you're going to have a repro that crashes an application
and you're going to want to know as much as possible about the bug it's
triggering, spending as little effort and time as possible doing this.
What you want is automated bug detection, analysis, triaging and
bucketizing. This is what BugId was designed to do and this talk will
explain how it works.
BugId is a python script that runs a Windows application in a debugger,
using page-heap to detect memory corruption and out-of-bound access
early. It handles exceptions and reports bugs not as "access violation"
but as "heap use-after-free", "heap out-of-bounds read", "NULL pointer
dereference", etc. It will tell you how big the relevant memory block is
and the offset at which the code is trying to access it. It will tell
you if the bug is likely to be exploitable and what an attacker might
need to do to exploit it. It can collect a large number of details and
write these into a human readable, HTML formatted report.
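As an added example (not code from BugId or its author), the following Python sketches the kind of page-heap based classification and bucketizing the abstract describes: a raw access violation becomes a named bug type with block size and offset, and a stable bucket id collapses repeated hits. The record fields, bug-type strings, id format and sample values are assumptions made for this illustration.

```python
# Added illustration, not BugId's own code: classify a page-heap crash into a
# descriptive bug type and a stable bucket id. Field names, the id format and
# the sample crash records are all constructed for this example.
import hashlib
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class HeapBlock:
    base: int     # start address of the user-visible allocation
    size: int     # requested size in bytes
    freed: bool   # page-heap keeps freed blocks inaccessible, so any touch faults


@dataclass
class Crash:
    fault_address: int
    is_write: bool
    block: Optional[HeapBlock]   # page-heap block nearest the fault, None if no heap metadata
    stack: List[str]             # symbolised frames, innermost first


def classify(crash: Crash) -> Tuple[str, str]:
    """Turn a raw access violation into a bug type plus block size/offset detail."""
    rw = "write" if crash.is_write else "read"
    if crash.block is None:
        # No heap metadata: distinguish NULL-ish pointers from arbitrary bad addresses.
        if crash.fault_address < 0x10000:
            return "NULL pointer dereference", f"{rw} at offset 0x{crash.fault_address:x}"
        return f"access violation ({rw})", f"at 0x{crash.fault_address:x}"
    blk = crash.block
    offset = crash.fault_address - blk.base          # signed distance from block start
    detail = f"{rw} at offset {offset:+#x} of a 0x{blk.size:x} byte block"
    if blk.freed:
        return "heap use-after-free", detail
    if offset < 0 or offset >= blk.size:
        return f"heap out-of-bounds {rw}", detail
    # Faulting inside a live block is unexpected under page-heap; keep it visible for triage.
    return f"heap access violation inside block ({rw})", detail


def bucket_id(bug_type: str, stack: List[str], frames: int = 3) -> str:
    """Stable id from bug type and top stack frames so repeated hits land in one bucket."""
    key = bug_type + "|" + "|".join(stack[:frames])
    return hashlib.sha1(key.encode()).hexdigest()[:8]


if __name__ == "__main__":
    # Constructed sample: a read one byte past a 16-byte allocation.
    sample = Crash(0x10000010, False, HeapBlock(0x10000000, 0x10, False), ["app!parse", "app!run", "app!main"])
    bug_type, detail = classify(sample)
    print(bug_type, "-", detail, "-", bucket_id(bug_type, sample.stack))
```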
Since I am finding more than one unique bug a day with my fuzzing
framework, I've integrated it into my fuzzing framework to triage and
bucketize my bugs. It allows me to prioritize the interesting
vulnerabilities and jump-starts analysis by telling me most of the basic
information I need before I've even started a debugger.