pathgrind
Path-based Dynamic Analysis (works for 32-bit programs only)
Requirements
- bzip2
- autoconf
- make
- gcc
- python
- gawk
- 32 bit libraries for ubuntu (sudo apt-get install ia32-libs)
- 32 bit c library for building c programs for testing with pathgrind (sudo apt-get install libc6-dev-i386)
On Ubuntu you can install the dependencies using apt-get, e.g. sudo apt-get install autoconf
Installation
$ ./install.sh
Configuration
Configuration file: fuzz/settings.cfg
Execution
CLI: $ ./fuzz/fuzz.py
GUI: $ ./fuzz/gui.py
Example
$ ./fuzz/fuzz.py test6
New inputs are created in testcase/input/
Crash files are saved in testcase/crash/
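Once a session has filled testcase/crash/, the first thing a practitioner wants is to re-run each crash file against the target and see which ones really terminate it by a signal and which exit cleanly (crashes that do not reproduce are common). The function below is an added example, not part of pathgrind; it assumes the target takes the path of the input file as its single argument, so adapt the invocation to how your own test program reads input.

```shell
#!/bin/sh
# Added example (not pathgrind's own code): re-run every file in a crash
# directory against a target and classify the outcome by exit status.
# Assumption: the target is invoked as "<target> <input-file>".

# Usage: triage_crashes <target> <crash_dir>
# Prints one line per input, "signal N: <file>" or "exit N: <file>",
# followed by a summary line. Always returns 0 so it composes with set -e.
triage_crashes() {
    target="$1"
    crash_dir="$2"
    signalled=0
    clean=0
    for f in "$crash_dir"/*; do
        [ -f "$f" ] || continue
        # Run inside an if so a non-zero status does not trip set -e;
        # a status of 128+N means the target was killed by signal N.
        if ( "$target" "$f" >/dev/null 2>&1 ); then
            status=0
        else
            status=$?
        fi
        if [ "$status" -ge 128 ]; then
            signalled=$((signalled + 1))
            printf 'signal %d: %s\n' $((status - 128)) "$f"
        else
            clean=$((clean + 1))
            printf 'exit %d: %s\n' "$status" "$f"
        fi
    done
    printf 'summary: %d signalled, %d clean\n' "$signalled" "$clean"
    return 0
}

# Stand-alone use: ./triage.sh ./test6 testcase/crash
if [ "$#" -ge 2 ]; then
    triage_crashes "$1" "$2"
fi
```

Inputs reported as "exit 0" did not reproduce under a plain run and deserve a second look under Valgrind, since pathgrind observed the crash there rather than natively.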
You can also read a fairly detailed tutorial on Pathgrind at the SRC:CLR blog
Publications
Exploiting Undefined Behaviors for Efficient Symbolic Execution, ICSE 2014
An Empirical Study of Path Feasibility Queries, CoRR 2013
A Critical Review of Dynamic Taint Analysis and Forward Symbolic Execution, Technical Report NUS 2012