bugreport's initial goal is to find exploitable buffer overflows in x86 binaries, whether they be commercial or free software. Its capabilities were first demonstrated during The Black Hat Briefings USA and Defcon security conferences in 2006. It is currently released under the GPLv3 (draft 2). Usage (once built) is:
mono bugreport.exe foo.exe.dump
bugreport currently operates on the text output of objdump (part of binutils). It finds the main function and analyzes only that function for exploitable out-of-bounds (OOB) writes. It fully handles intra-function value and pointer tracking. This includes assignments, addition, shift-left, and many other operations. It has mainly been tested on gcc 4.x (as shipped with Ubuntu 6.x) -O0 and -O2 binaries with debug info (-g), located in the tests/ directory of the sources. Discussion of what to do next will follow on the mailing list, and status will be updated as features are integrated.
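A simplified illustration of the approach described above, added here as an example and not taken from bugreport's own (.NET) sources: it reads objdump-style text, looks only at main, tracks register values and one malloc'd pointer through mov, add and shl, and reports stores that land past the end of the buffer. The sample listing, the function names and the model of malloc's size argument being stored at (%esp) are assumptions made for this example.

```python
import re

# Constructed sample in `objdump -d` text layout (AT&T syntax), not taken from tests/.
SAMPLE_DUMP = """\
08048340 <helper>:
 8048340:\tc6 00 00             \tmovb   $0x0,(%eax)
08048354 <main>:
 8048354:\tc7 04 24 10 00 00 00 \tmovl   $0x10,(%esp)
 804835b:\te8 30 ff ff ff       \tcall   8048290 <malloc@plt>
 8048360:\tc6 40 0f 00          \tmovb   $0x0,0xf(%eax)
 8048364:\tba 04 00 00 00       \tmov    $0x4,%edx
 8048369:\tc1 e2 02             \tshl    $0x2,%edx
 804836c:\t01 d0                \tadd    %edx,%eax
 804836e:\tc6 00 00             \tmovb   $0x0,(%eax)
"""

def main_instructions(dump):
    """Yield (address, mnemonic, operands) for instructions inside <main> only."""
    body = re.search(r"^[0-9a-f]+ <main>:\n((?: .*\n?)*)", dump, re.M)
    for line in body.group(1).splitlines() if body else []:
        if line.count("\t") == 2:  # skip byte-continuation lines
            mnem, _, ops = line.split("\t")[2].partition(" ")
            yield line.split("\t")[0].strip(" :"), mnem, ops.strip()

def find_oob_writes(dump):
    """Return (address, offset, size) for stores past the end of a malloc'd buffer."""
    state, arg0, findings = {}, None, []  # state: reg -> int value or (size, offset) pointer
    for addr, mnem, ops in main_instructions(dump):
        src, _, dst = ops.partition(",")
        val = int(src[1:], 16) if src.startswith("$") else state.get(src)
        mem = re.fullmatch(r"(0x[0-9a-f]+)?\((%\w+)\)", dst)
        if mnem == "call":  # result lands in %eax; only malloc(size) is modelled
            is_malloc = "<malloc@plt>" in ops and isinstance(arg0, int)
            state["%eax"] = (arg0, 0) if is_malloc else None
        elif mem and mnem.startswith("mov"):
            disp, buf = int(mem.group(1) or "0", 16), state.get(mem.group(2))
            end = disp + {"b": 1, "w": 2}.get(mnem[-1], 4)  # one past the last byte stored
            if mem.group(2) == "%esp" and disp == 0:
                arg0 = val  # first outgoing cdecl argument
            elif isinstance(buf, tuple) and buf[1] + end > buf[0]:
                findings.append((addr, buf[1] + disp, buf[0]))
        elif dst.startswith("%"):
            old = state.pop(dst, None)  # destination is unknown unless re-derived below
            if mnem.startswith("mov") and val is not None:
                state[dst] = val
            elif mnem.startswith("add") and isinstance(val, int) and isinstance(old, tuple):
                state[dst] = (old[0], old[1] + val)
            elif mnem[:3] in ("add", "shl") and isinstance(val, int) and isinstance(old, int):
                state[dst] = old + val if mnem[:3] == "add" else old << val
    return findings
```

On the constructed listing, the store at 0xf(%eax) is the last valid byte of the 16-byte buffer and is not reported; the store after the pointer has been advanced by 4 << 2 is reported at offset 16.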
3/31/2007: bugreport now correctly analyzes the _start entry point, a necessary precursor to supporting ELF binaries. Initial ELF binary support should be implemented over the next few weeks, eliminating the necessity to operate on objdump output. Luis and Matt will be teaching a new and improved version of their class at The Black Hat Briefings USA 2007 in Las Vegas.
12/10/2006: Luis will be presenting a talk on bugreport at this year's Chaos Computer Congress in Germany. On the actual coding front, recent improvements to the code include support for branches and being able to express expected results in the .dump files.
9/1/2006: A first cut at a to-do list is now available, as is a new "real" demo program with intentional security holes, vuln_server.c.
8/9/2006: Join the mailing list to connect with developers, pair with them remotely (or locally!), and/or give input on the iteration and release plans.
8/5/2006: Code announced at Defcon. Iteration, feature, and release discussions on the mailing list. Thanks to our core of pair programmers: Doug, Bryan, Todd, and Geoff. Super-thanks go to the attendees who volunteered to pair program with us!
Matt Hargett - Project coordinator, eXtreme Programming coach
Luis Miras - Programmer
YourKit is kindly supporting open source projects, including bugreport, with its full-featured .NET Profiler. YourKit, LLC is the creator of innovative and intelligent tools for profiling .NET and Java applications. Take a look at YourKit's leading software products: YourKit Java Profiler and YourKit .NET Profiler.