-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathREADME
27 lines (18 loc) · 2.03 KB
/
README
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
This directory contains materials related to using the binary-level
symbolic execution tool FuzzBALL to search for adaptors that show substitutability between binary code fragments. FuzzBALL itself is not
included in this directory; there is a suitable branched version of it here: https://github.com/vaibhavbsharma/fuzzball-adaptersynth.
and you can also see the public upstream version at
https://github.com/bitblaze-fuzzball/fuzzball
The "eg" directory contains examples of applying FuzzBALL to specific sets of target/reference pairs.
The "args-count" directory contains related tools which use FuzzBALL to infer which registers represent the arguments to a binary code function.
The eg/arm/ directory contains all the scripts needed to run argument substitution (synth-argsub-frag.pl), type conversion (synth-typeconv-frag.pl),
and arithmetic adapter (synth-arithmetic-frag.pl) families on the fragments of ARM binary code (present under fragments8/). The msi-scripts/
subdirectory contains helper scripts needed to setup experiments, run them on MSI (at UMN), and collect results from these experiments.
The eg/libc/ directory contains subdirectories to run the argument substitution (simple/synth-argsub.pl), type conversion (simple/synth-typeconv.pl)
and arithmetic (simple/synth-arithmetic.ml) adapter families. It also contains a directory (memsub/synth-memsub.pl) that runs the memory substitution adapter along
with argument substitution and return value substitution on a suitable subset of C library functions (functions that take exactly one structure argument
among all their arguments). The exp-scripts/ subdirectory contains scripts to setup experiments, run them in buckets, and harvest summary results
as well as the final adapters.
The eg/rc4_conc directory contains scripts to run concrete enumeration-based adapter search on the RC4 pairs of functions.
The eg/rc4_fb directory contains scripts to run symbolic execution-based adapter search on the RC4 pairs of functions.
The eg/lookup directory contains the security case study-related scripts.