
A zelos plugin for crash analysis.

Zelos CrasHD Plugin

A plugin for Zelos to enhance crash triaging by performing dataflow & root cause analysis.

Optional Prerequisites

This plugin has an optional dependency on the graphviz package, which it uses to render control flow graphs to png. The graphviz Python package can be installed via pip install graphviz, but it also requires Graphviz itself to be installed locally. Instructions for installing Graphviz locally can be found here.

If you do not wish to install the graphviz package or Graphviz, you can safely ignore this optional dependency and zelos-crashd will still work as intended, but control flow graphs will not be rendered to png.

Installation

Install from pypi

$ pip install zelos-crashd

Or install directly from the repo

$ git clone https://github.com/zeropointdynamics/zelos-crashd.git
$ cd zelos-crashd
$ pip install .

Alternatively, install an editable version for development

$ git clone https://github.com/zeropointdynamics/zelos-crashd.git
$ cd zelos-crashd
$ pip install -e '.[dev]'

Related Resources

CrasHD Visualizer is a VS Code extension for visualizing the results & output of this plugin that features:

  • Contextual source code highlighting
  • Interactive graph of data flow
  • Additional context & runtime information

CrasHD Examples is a collection of reproducible crashes that can be used with this plugin.

Usage

The following snippets use the example from examples-crashd/afl_training/vulnerable.c

After compiling the above example (vulnerable.c) you can emulate the binary using zelos:

$ zelos vulnerable < inputs/crashing_input

To gain more information about the crashing program, use the --taint and --taint_output flags to keep track of the dataflow leading from the crash. When the --taint flag is used, Zelos will calculate the dataflow and taint information related to the crash. --taint_output terminal specifies that the output of --taint is written to stdout.

$ zelos --taint --taint_output terminal vulnerable < inputs/crashing_input
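
When a fuzzing run leaves many crashing inputs, the same invocation can be run over each one and the taint output saved per input. The function below is an added example, not part of zelos-crashd: the name triage_crashes, the directory layout and the report file names are assumptions; only the zelos flags and the stdin redirection come from the commands above.

```shell
# Added example: run the taint analysis over every file in a crash directory.
# triage_crashes, index.tsv and the *.taint.txt names are hypothetical.

triage_crashes() {
    local binary="$1" crash_dir="$2" out_dir="$3"
    local input name status count=0

    if [ ! -f "$binary" ] || [ ! -d "$crash_dir" ]; then
        echo "usage: triage_crashes BINARY CRASH_DIR OUT_DIR" >&2
        return 2
    fi
    mkdir -p "$out_dir" || return 2
    : > "$out_dir/index.tsv"            # start a fresh index for this run

    for input in "$crash_dir"/*; do
        [ -f "$input" ] || continue     # skip subdirectories and empty globs
        name=$(basename "$input")
        # AFL writes a README.txt next to the crash files; it is not an input.
        [ "$name" = "README.txt" ] && continue

        # Same command as for a single input; stdout and stderr go to one report.
        status=0
        zelos --taint --taint_output terminal "$binary" \
            < "$input" > "$out_dir/$name.taint.txt" 2>&1 || status=$?

        # Record input name, zelos exit status and report file, tab-separated.
        printf '%s\t%s\t%s\n' "$name" "$status" "$name.taint.txt" \
            >> "$out_dir/index.tsv"
        count=$((count + 1))
    done

    echo "$count"                       # number of inputs analysed
}

# Example invocation (paths are placeholders):
#   triage_crashes ./vulnerable ./afl_out/crashes ./taint_reports
```

Each report can then be opened individually, and index.tsv lists which input produced which report and the exit status zelos returned for it.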

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Version 0.0.2] - 2020-08-06

Remove graphviz as a required dependency, add the taint_output flag.

Added

  • taint_output flag

Changed

  • N/A

Removed

  • Dependency on graphviz package

[Version 0.0.1] - 2020-08-05

Initial public release.

Added

  • Initial open source commit.

Changed

  • N/A

Removed

  • N/A

Download files


Source Distribution

zelos-crashd-0.0.2.tar.gz (941.8 kB view details)

Uploaded Source

File details

Details for the file zelos-crashd-0.0.2.tar.gz.

File metadata

  • Download URL: zelos-crashd-0.0.2.tar.gz
  • Upload date:
  • Size: 941.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/3.2.0 pkginfo/1.5.0.1 requests/2.24.0 setuptools/49.2.1 requests-toolbelt/0.9.1 tqdm/4.48.2 CPython/3.6.9

File hashes

Hashes for zelos-crashd-0.0.2.tar.gz
Algorithm Hash digest
SHA256 5376df3c771e02d1c2716bc8dda9b6a005c0997170c7450199f8e1a14a604183
MD5 d5cf49128e3ead2bab14ed7aba073b3a
BLAKE2b-256 4bdeec1c607b36a920f67f772c9ba40ed4fc62852b54e3bc83af19aeaac8c0fc

