How can I use dr_checker to do common static analysis?

[tomgu1991]

Hi,

Well, it is interesting to use this tool to analyze vulnerabilities in drivers. But can I use it for common static analysis?

Basically, I have a single file with a makefile file. Can I use dr_checker to detect vulnerabilities? Furthermore, I have a buildable project with a makefile.

Can anyone show me the detail steps?

Thanks!

[Machiry]

As of now, DR.CHECKER is customized to analyzing the kernel code. We may in near future ( ~ 1 month) release a general purpose taint based vulnerability finding tool based on the DR.CHECKER principles.

However, you can give it a try. Following are the two places you can start with:

1. Look into KernelCustomizations for the specific changes we made to analyze kernel drivers.
2. Look into SoundyAliasAnalysis.cpp to know, How we start the tainting process for each entry point.

[ch1dyc4t]

Hey,@Machiry

When will the general vulnerabilities detection version be released?

I also want to use dr_checker to detect vulnerabilities in my project which is written by C with makefile.

Thank you.