Awesome

pathgrind

Path based Dynamic Analysis (Works for 32-bit programs only)

Requirements

• bzip2
• autoconf
• make
• gcc
• python
• gawk
• 32 bit libraries for ubuntu (sudo apt-get install ia32-libs)
• 32 bit c library for building c programs for testing with pathgrind (sudo apt-get install libc6-dev-i386)

On ubuntu you can install the dependencies using apt-get, e.g. sudo apt-get install autoconf

Installation

$ ./install.sh

Configuration

Configuration file: fuzz/settings.cfg

Execution

CLI: $ ./fuzz/fuzz.py

GUI: $ ./fuzz/gui.py

Example

$ ./fuzz/fuzz.py test6

New input are created in testcase/input/

Crash files are be saved in testcase/crash/

You can also read a fairly detailed tutorial on Pathgrind at the SRC:CLR blog

Publications

Exploiting Undefined Behaviors for Efficient Symbolic Execution, ICSE 2014

An Empirical Study of Path Feasibility Queries, CoRR 2013

A Critical Review of Dynamic Taint Analysis and Forward Symbolic Execution, Technical Report NUS 2012