Closed Waterman178 closed 4 years ago
On whether taintgrind supports backward taint analysis, @mzmyslowski-cycura's pull request (638fad2) adds size info (among other things), so that you can do the backward analysis on the information flow data.
@Waterman178 taintgrind is used to do the forward taint - it can do either data that are marked in the source code or the data from the input file. Then the log file is created. All the data in the log file are enough to do the reverse taint. Also, an interesting tool that may help you is TTT, which comes from WinDbg. It doesn't have taint analysis, but the recording option can easily be used to do the taint. I'm happy to continue the discussion offline :)
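The reverse taint described in the comment above, as an added example that is not part of the original thread or of taintgrind: it walks a forward flow log backwards from a sink and drops each name at its definition, so a later reuse of a temporary is not pulled into the result. The `dst <- src` log form, `SAMPLE_LOG`, `parse_flows` and `backward_slice` are assumptions made for illustration, not taintgrind's actual log format.

```python
# Constructed sample in a simplified "dst <- src, src" form. This is NOT
# taintgrind's real log syntax, only the kind of flow information a
# forward-taint log records. Note that t3 is reused on line 5.
SAMPLE_LOG = """\
t1 <- input[0]
t2 <- input[1]
t3 <- t1, t2
buf <- t3
t3 <- input[2]
len <- t3
t4 <- const
out <- buf, t4
"""


def parse_flows(text):
    """Return [(lineno, dst, [srcs])] in execution (log) order."""
    flows = []
    for lineno, line in enumerate(text.splitlines(), 1):
        if "<-" not in line:
            continue  # ignore anything that is not a flow record
        dst, srcs = line.split("<-", 1)
        flows.append((lineno, dst.strip(),
                      [s.strip() for s in srcs.split(",") if s.strip()]))
    return flows


def backward_slice(flows, sink, at_line=None):
    """Walk the forward log in reverse, starting from `sink`.

    Returns (sorted log lines that contributed, origins), where origins
    are the names still wanted once the start of the log is reached,
    i.e. values with no earlier definition, such as input bytes.
    `at_line` limits the walk to records at or before that log line.
    """
    wanted = {sink}
    contributing = []
    for lineno, dst, srcs in reversed(flows):
        if at_line is not None and lineno > at_line:
            continue
        if dst in wanted:
            wanted.discard(dst)   # this record defines the tracked value
            wanted.update(srcs)   # keep tracking what it was built from
            contributing.append(lineno)
    return sorted(contributing), wanted
```

Treating the log as a plain graph keyed by name would also report `input[2]` for `out`, because `t3` is redefined after `buf` was written; the reverse walk avoids that.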
Thank you for your reply, but this can only analyze the process; it cannot analyze the kernel, and if the target process is protected, it will not work.
That is correct. Taintgrind, which is based on Valgrind, is meant for analysing user-land code.
I am always looking for a debugger that supports system-wide taint analysis, but I only found free tools like PANDA. Unfortunately, its performance is too bad. When I run some large software in the VM, the whole system is very slow and I can't debug it at all. Finally I found a commercial tool. It is called Tetrane. But I asked some people, and they said that this tool is not as high-performance as it is advertised. I don't know if there is a debugger on the market that supports full-system taint analysis and, if you run Firefox, the system won't slow down. In addition, I am looking for an open source project which is implemented in C or C++ and supports forward and backward taint analysis. I found an open source IDA plugin. It's called BinCAT, but it's not written in C. I studied it for a few days, got a headache, and couldn't understand it. If you know any information, please let me know, thank you.