JonathanSalwan / Triton

Triton is a dynamic binary analysis library. Build your own program analysis tools, automate your reverse engineering, perform software verification or just emulate code.
https://triton-library.github.io
Apache License 2.0

Linux Kernel dynamic taint analysis #1277

Closed amita1101 closed 9 months ago

amita1101 commented 10 months ago

Can I do dynamic tainting on Linux Kernel's latest versions using the Triton tool? Is it possible to explore all the paths?

JonathanSalwan commented 10 months ago

With taint analysis alone you can't explore all paths. For exploring, you have to generate good inputs, and for generating good inputs you have to rely on symbolic execution. In theory you can do everything you want, but in practice it's ambitious to explore all paths, especially on a whole kernel. However, for specific and well-defined parts of a kernel, yes.
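The distinction drawn in the answer above, as an added example that is not part of the thread and is not Triton code: a plain-Python toy in which a single tainted run only reports which branches the input controls, while a negate-and-solve loop produces the inputs that reach the other paths. The `target` routine, the branch instrumentation and the brute-force `solve` (standing in for an SMT solver) are all hypothetical and use no Triton API.

```python
from collections import deque

def target(x, branch):
    """Hypothetical routine over one input byte; branch() instruments each conditional."""
    if branch("x > 100", lambda v: v > 100, x):
        if branch("x % 7 == 5", lambda v: v % 7 == 5, x):
            return "deep"
        return "high"
    if branch("x == 42", lambda v: v == 42, x):
        return "magic"
    return "low"

def run(x):
    """One concrete execution: returns (result, [(label, predicate, taken), ...])."""
    path = []
    def branch(label, pred, v):
        taken = pred(v)
        path.append((label, pred, taken))
        return taken
    return target(x, branch), path

def taint_only(x):
    """Taint view of a single run: the input-dependent branches on the path that ran."""
    result, path = run(x)
    return result, [label for label, _, _ in path]

def solve(constraints):
    """Stand-in for an SMT solver: brute force over the 256 possible byte values."""
    for v in range(256):
        if all(pred(v) == want for pred, want in constraints):
            return v
    return None

def explore(seed):
    """Keep a path prefix, negate the next branch, solve for an input that takes it."""
    seen, results, queue = set(), {}, deque([seed])
    while queue:
        x = queue.popleft()
        result, path = run(x)
        key = tuple((label, taken) for label, _, taken in path)
        if key in seen:
            continue
        seen.add(key)
        results[result] = x
        for i, (_, pred, taken) in enumerate(path):
            prefix = [(p, t) for _, p, t in path[:i]]
            new_input = solve(prefix + [(pred, not taken)])
            if new_input is not None:
                queue.append(new_input)
    return results

print(taint_only(0), explore(0))  # constructed seed input 0
```

The brute-force solver only works because the input is one byte; on real code the path constraints go to an SMT solver, and the number of paths is what makes whole-kernel exploration impractical.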