trailofbits / honeybee Goto Github PK
View Code? Open in Web Editor NEWAn experimental high performance, fuzzing oriented Intel Processor Trace capture and analysis suite
honeybee's People
Contributors
Stargazers
Watchers
Forkers
chanpu9 doytsujin c0de3 lukas-dresel stjordanis 0xb00siff clayne fengjixuchui ajunlonglive killvxkhoneybee's Issues
PSB + FUP decoder errors
When do we actually use the IP provided by an FUP in a PSB? It seems like we have decoding issues when the tracing is enabled while the process is running (so no PGE.TIP)
ipt decode error
During my fuzzing session I see a lot of following messages in honggfuzz output:
[2021-03-23T16:44:14+0100][E][2283475] arch_honeybeeAnalyze():198 ipt decode error on cpu=5, error=-4
kptr sysctl is set to 0
fuzzer@fuzzer:~$ sudo sysctl -a | grep kptr
kernel.kptr_restrict = 0
Machine is running i9 cpu: Intel(R) Core(TM) i9-9900K CPU @ 3.60GHz
Fuzzing target is a shared library (10 MB big, 32 bit, Linux) with separate fuzzing driver (clientfast) running in persistent mode. Cache was generated from shared library.
Honggfuzz command line is:
START_ADDRESS=0x00007ffff7403000
STOP_ADDRESS=0x00007ffff7d26000
sudo ~/ws/honggfuzz-honeybee/honggfuzz -f inupx --linux_honeybee_ipt_edge --honeybee_hive library.hive --honeybee_start_address ${START_ADDRESS} --honeybee_stop_address ${STOP_ADDRESS} -F 65535 -P -t 600 -T -N 100000000 -E MALLOC_CHECK_=3 -- ./clientfast
Build issues
$ cmake .
-- Configuring done
-- Generating done
-- Build files have been written to: /prg/tmp/Honeybee
$ make
[ 5%] Building C object CMakeFiles/honey_analyzer.dir/honey_analyzer/trace_analysis/ha_session.c.o
[ 10%] Building C object CMakeFiles/honey_analyzer.dir/honey_analyzer/processor_trace/ha_pt_decoder.c.o
[ 15%] Building C object CMakeFiles/honey_analyzer.dir/honey_analyzer/capture/ha_capture_session.c.o
[ 21%] Building C object CMakeFiles/honey_analyzer.dir/honeybee_shared/hb_hive.c.o
[ 26%] Linking C static library libhoney_analyzer.a
[ 26%] Built target honey_analyzer
Scanning dependencies of target honey_coverage
[ 31%] Building C object CMakeFiles/honey_coverage.dir/honey_coverage/main.c.o
[ 36%] Building C object CMakeFiles/honey_coverage.dir/honey_coverage/hc_tree_set.c.o
[ 42%] Linking C executable honey_coverage
/bin/ld: cannot open output file honey_coverage: Is a directory
collect2: error: ld returned 1 exit status
make[2]: *** [CMakeFiles/honey_coverage.dir/build.make:119: honey_coverage] Error 1
make[1]: *** [CMakeFiles/Makefile2:101: CMakeFiles/honey_coverage.dir/all] Error 2
make: *** [Makefile:103: all] Error 2
Also this build command in the README is incorrect:
$ cmake --build cmake-build-debug
Error: /prg/tmp/Honeybee/cmake-build-debug is not a directory
And there is a left over file: dependencies/build_depencies.sh
thank you!
[Question] Which CPU for the most number of ip filtering range ?
As the tiltle do you know which processor have the most number of ip filtering range (4) ? I checked the lastest core i9 11th gen but they only seem to support 2.
Disassembly uses sections instead of segments.
The disassembler is using elf sections (https://github.com/trailofbits/Honeybee/blob/master/honey_hive_generator/disassembly/hh_disassembly.c#L126) instead of segments to identify code to disassemble. However this not robust to various scenarios including stripped binaries and statically linked binaries. I believe the correct way to handle this would be to iterate the segments (program headers) that are actually used by the loader to map the file into memory.
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.