Running sample_app

Toshi Piazza edited this page Mar 3, 2018 · 1 revision

sample_app is a simple taint-analysis client that taints pointers at process startup and whenever new ones are introduced into the system via the mmap2 or brk system calls. We can run it like this:

$ LD_BIND_NOW=1 drrun -c ./libdrtaint.so $(python ./scripts/relocs.py /bin/ls) -- /bin/ls

We must specify LD_BIND_NOW so that the loader performs all GOT relocations immediately (unless the application is linked with full RELRO or statically compiled, in which case this already happens), which lets us taint them on the first application instruction. In the future we may support hooking __dl_runtime_resolve(), which would remove this restriction and let us taint GOT entries lazily as well.
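A practitioner will usually want to check up front whether the target already binds at load time, so that LD_BIND_NOW is only set when it changes anything. The following script is an added example for this page, not part of drtaint or its scripts directory: it parses the ELF program headers and dynamic section for DT_FLAGS / DT_FLAGS_1 (DF_BIND_NOW and DF_1_NOW, which is what "-z now", and hence full RELRO, sets) and reports whether the binary is static, already binds immediately, or needs LD_BIND_NOW=1. It also builds a small constructed ELF32 image in build_sample_elf() so the parser can be exercised without a real binary; the function names are this example's own.

```python
"""Report whether a target needs LD_BIND_NOW=1 before it is run under drtaint.
Added example for this wiki page; not part of drtaint or its scripts/ directory."""
import struct
import sys

PT_DYNAMIC, PT_GNU_RELRO = 2, 0x6474E552
DT_NULL, DT_FLAGS, DT_FLAGS_1 = 0, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1        # set by "-z now" (full RELRO)


def binding_info(data):
    """Parse an ELF image (bytes) and return how its GOT gets bound.

    static:   no PT_DYNAMIC segment, nothing for the loader to resolve
    bind_now: DF_BIND_NOW or DF_1_NOW present, loader resolves everything at load
    relro:    a PT_GNU_RELRO segment exists (full RELRO = relro and bind_now)
    needs_ld_bind_now: dynamic and lazily bound, so LD_BIND_NOW=1 is required
    for every GOT entry to be resolved before the first application instruction
    """
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    is64 = data[4] == 2                  # EI_CLASS: 1 = ELFCLASS32, 2 = ELFCLASS64
    bo = "<" if data[5] == 1 else ">"    # EI_DATA: 1 = little endian, 2 = big endian
    if is64:
        hdr = struct.unpack_from(bo + "16sHHIQQQIHHHHHH", data, 0)
        phdr_fmt, dyn_fmt = bo + "IIQQQQQQ", bo + "qQ"
    else:
        hdr = struct.unpack_from(bo + "16sHHIIIIIHHHHHH", data, 0)
        phdr_fmt, dyn_fmt = bo + "IIIIIIII", bo + "iI"
    e_phoff, e_phentsize, e_phnum = hdr[5], hdr[9], hdr[10]

    dynamic, relro = None, False
    for i in range(e_phnum):
        ph = struct.unpack_from(phdr_fmt, data, e_phoff + i * e_phentsize)
        # field order differs: Elf64_Phdr has p_flags second, Elf32_Phdr has it seventh
        p_offset, p_filesz = (ph[2], ph[5]) if is64 else (ph[1], ph[4])
        if ph[0] == PT_DYNAMIC:
            dynamic = (p_offset, p_filesz)
        elif ph[0] == PT_GNU_RELRO:
            relro = True

    bind_now = False
    if dynamic is not None:
        off, limit = dynamic[0], dynamic[0] + dynamic[1]
        entry = struct.calcsize(dyn_fmt)
        while off + entry <= limit:
            d_tag, d_val = struct.unpack_from(dyn_fmt, data, off)
            off += entry
            if d_tag == DT_NULL:
                break
            if (d_tag == DT_FLAGS and d_val & DF_BIND_NOW) or \
               (d_tag == DT_FLAGS_1 and d_val & DF_1_NOW):
                bind_now = True
    static = dynamic is None
    return {"static": static, "bind_now": bind_now, "relro": relro,
            "needs_ld_bind_now": not static and not bind_now}


def build_sample_elf(bind_now, dynamic=True):
    """Constructed test image (not a real binary): a minimal little-endian
    ELF32 ARM file with one PT_DYNAMIC segment whose DT_FLAGS optionally
    carries DF_BIND_NOW. dynamic=False omits the segment, like a static exe."""
    phnum = 1 if dynamic else 0
    dyn = b""
    if dynamic:
        dyn = struct.pack("<iI", DT_FLAGS, DF_BIND_NOW if bind_now else 0)
        dyn += struct.pack("<iI", DT_NULL, 0)
    ident = b"\x7fELF" + bytes([1, 1, 1, 0]) + b"\x00" * 8   # ELFCLASS32, LE, EV_CURRENT
    hdr = struct.pack("<16sHHIIIIIHHHHHH", ident, 2, 40, 1, 0,   # ET_EXEC, EM_ARM
                      52 if dynamic else 0, 0, 0, 52, 32, phnum, 40, 0, 0)
    phdrs = b""
    if dynamic:
        phdrs = struct.pack("<IIIIIIII", PT_DYNAMIC, 52 + 32, 0, 0,
                            len(dyn), len(dyn), 6, 4)
    return hdr + phdrs + dyn


def check_file(path):
    """Read a binary from disk and classify it with binding_info()."""
    with open(path, "rb") as f:
        return binding_info(f.read())


if __name__ == "__main__":
    for path in sys.argv[1:]:
        info = check_file(path)
        if info["static"]:
            verdict = "static, LD_BIND_NOW not needed"
        elif info["bind_now"]:
            verdict = "binds at load time (-z now), LD_BIND_NOW not needed"
        else:
            verdict = "lazy binding, run with LD_BIND_NOW=1"
        print(f"{path}: {verdict}")
```

Saved under a name of your choosing and run as "python check_bind_now.py /bin/ls", it prints one verdict per path. The check only reads the dynamic flags; the glibc loader honours LD_BIND_NOW=1 regardless, so setting it on a binary that already binds immediately is harmless, which is why the command on this page can be used as-is even when the check says it is not needed.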
