Awesome
Zelos CrasHD Plugin
A plugin for Zelos to enhance crash triaging by performing dataflow & root cause analysis.
Optional Prerequisites
This plugin has an optional dependency on the graphviz package to render control flow graphs to png. The graphviz python package can be installed normally via pip install graphviz
, but will also require Graphviz itself to be installed locally as well. Instructions for installing Graphviz locally can be found here.
If you do not wish to install the graphviz package or Graphviz, you can safely ignore this optional dependency and zelos-crashd will still work as intended, but control flow graphs will not be rendered to png.
Installation
Install from pypi
$ pip install zelos-crashd
Or install directly from the repo
$ git clone https://github.com/zeropointdynamics/zelos-crashd.git
$ cd zelos-crashd
$ pip install .
Alternatively, install an editable version for development
$ git clone https://github.com/zeropointdynamics/zelos-crashd.git
$ cd zelos-crashd
$ pip install -e '.[dev]'
Related Resources
CrasHD Visualizer is a VS Code extension for visualizing the results & output of this plugin that features:
- Contextual source code highlighting
- Interactive graph of data flow
- Additional context & runtime information
CrasHD Examples is a collection of reproducible crashes that can be used with this plugin.
Usage
The following snippets use the example from examples-crashd/afl_training/vulnerable.c
After compiling the above example (vulnerable.c
) you can emulate the binary using zelos:
$ zelos vulnerable < inputs/crashing_input
To gain a more information on the crashing program, use the --taint
and --taint_output
flags in order to keep track of dataflow leading from the crash. When the --taint
flag is used, Zelos will calculate the dataflow and taint information related to the crash. --taint_output terminal
is used to specify that the output of --taint
will be to stdout.
$ zelos --taint --taint_output terminal vulnerable < inputs/crashing_input