Subject: Re: Is GDB just for bug hunting?
From: Paul Koning
Date: Wed, 14 Apr 2021 14:48:21 -0400
To: Jason Long
Cc: Eli Zaretskii via Gdb

> On Apr 14, 2021, at 2:37 PM, Jason Long wrote:
>
> Thank you for your useful info.
> If a program is closed source, then code review is canceled. Thus, how does a security researcher find a vulnerability in a program?

Agreed, code review only applies if the source is visible. More precisely, if the source is allowed to be disclosed; researchers looking at the code while under NDA does not count and serves no significant purpose.

In those cases, you're left with test stimuli and reverse engineering. For "never seen before" defects, you either need luck (an existing test happens to catch it) or a different kind of luck (you created a new test that happens to catch it) or lots of skill (you saw the issue during a reverse engineering session).

GDB can help with reverse engineering. It's probably not ideal for disassembly let alone decompiling, but it does offer disassembly and it also gives you insight into the state of the running application and how it changes during execution.

	paul