KitPloitKITPLOIT:1373460246636191844Functrace - A Function Tracer
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
60.0%
functrace is a tool that helps to analyze a binary file with dynamic instrumentation using DynamoRIO (<http://dynamorio.org/>).
These are some implemented features (based on DynamoRIO):
- disassemble all the executed code
- disassemble a specific function (dump if these are addresses)
- get arguments of a specific function (dump if these are addresses)
- get return value of a specific function (dump if this is an address)
- monitors application signals
- generate a report file
- ghidra(<https://ghidra-sre.org/>) coverage script (based on the functrace report file)
Setup
$ wget https://github.com/DynamoRIO/dynamorio/releases/download/release_7_0_0_rc1/DynamoRIO-Linux-7.0.0-RC1.tar.gz
$ tar xvzf DynamoRIO-Linux-7.0.0-RC1.tar.gz
OR
$ wget https://github.com/DynamoRIO/dynamorio/releases/download/cronbuild-7.91.18047/DynamoRIO-x86_64-Linux-7.91.18047-0.tar.gz
$ tar xvzf DynamoRIO-x86_64-Linux-7.91.18047-0.tar.gz
You can also clone and compile directly DynamoRIO
$ git clone https://github.com/invictus1306/functrace
$ mkdir -p functrace/build
$ cd functrace/build
$ cmake .. -DDynamoRIO_DIR=/full_DR_path/cmake/
$ make -j4
Using functrace
$ drrun -c libfunctrace.so -report_file report -- target_program [args]
Options
The following [functrace](<https://github.com/invictus1306/functrace>) options are supported:
-disassembly -> disassemble all the functions
-disas_func function_name -> disassemble only the function function_name
-wrap_function function_name -> wrap the function function_name
-wrap_function_args num_args -> number of arguments of the wrapped function
-cbr -> remove the bb from the cache (in case of conditional jump)
-report_file file_name -> report file name (required)
-verbose -> verbose
Simple usage
Option -verbose
$ drrun -c libfunctrace.so -report_file report -verbose -- target_program [args]
Option -disassemby
$ drrun -c libfunctrace.so -report_file report -disassembly -- target_program [args]
Option -disas_func
$ drrun -c libfunctrace.so -report_file report -disas_func name_function -- target_program [args]
Option -wrap_function and -wrap_function_args
$ drrun -c libfunctrace.so -report_file report -wrap_function name_function -wrap_function_args num_args -- target_program [args]
Option -cbr
$ drrun -c libfunctrace.so -report_file report -cbr -- target_program [args]
CVE-2018-4013 - Vulnerability Analysis
A vulnerability on the LIVE555 RTSP server library. This is the description.
Working enviroment
Tested on Ubuntu 16.04.5 LTS 64 bit
Future features
- Ghidra plugin
- Visual setup interface
- Store and compare different coverage analysis
- Run DR directy from ghidra
- Add more functionality to functrace
- Support for Android
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
60.0%