How to analyze a program for vulnerabilities?

A

Arkady2015-12-01 15:41:44

Information Security

Arkady, 2015-12-01 15:41:44

Good afternoon!
How to analyze a program for vulnerabilities? For example, unpacked Adobe Photoshop in Program Files. He is working, he is running.
Are there any analyzer programs that can detect program errors, undeclared features, or just holes?
Thank you.

Reply

Answer the question

In order to leave comments, you need to log in

3 answer(s)

V

Vladimir Martyanov, 2015-12-01
@vilgeforce

Get IDA, get a debugger. Open a file in Ida, smoke for a long time, look for suspicious places, check your guesses in the debugger. For automation, you spend a very long time learning what IDA is, what Assembler is for the target stone, how it all works, then write a Python script for Ida, which will look for suspicious places.

N

nirvimel, 2015-12-01
@nirvimel

Reverse engineering is a whole industry. There's a lot of money in there. Specialists have been picking someone else's code for years in search of vulnerabilities. Each freshly discovered yet unburned (and uncovered by the developer) zero-day vulnerability costs tens, sometimes hundreds (holes in the OS) of thousands of dollars. Even the NSA does not hesitate to buy them on the black market (Snowden had something about this).
And you say "analyzer programs"... If such a program existed, it would be just a machine that prints money.

G

g00dv1n, 2015-12-03
@g00dv1n

Not just picking mindlessly in the IDE and the debugger.
There are "fuzzer" programs, a good fuzzer saves the researcher from routine checks.
But only the inquisitive human mind can find kosher zealots.
https://vimeo.com/97909752