Code: analysis, bugs, and security

optional course, supported by Bitdefender

Instructor: Marius Minea, (Office: B531. Phone: +40-256-403284)
Lab: Andrei Ardelean, gmail: andreirardelean; Alex Petenchea, gmail: alex.petenchea
Course: Wed 8-10, ASPC
Lab: Fri 14-16, 16-18, B528

New: contest with special prizes for students participating in the course

last year's course

Course materials

  1. Introduction.
    Sample program: print addresses
  2. Assembly language.
    Sample programs: nested expression (and in three-address code), switch, array of function pointers, lists with pointers to pointers (commented .asm).
    See also: x86 Assembly Guide (David Evans, U. Virginia)
  3. Linking and loading. Scope and linkage in C
    good slides at UTexas (part1, part2)
    A very good
    summary (D. Beazley et al.)
    U. Drepper. How to write shared libraries very detailed; check sec.1.5.5 for explanation of GOT and PLT
    The example from class with PLT and relocation
  4. Obfuscation (summary). Extensive slideset (Christian Collberg, U. Arizona)
    Extra: This summer school has some more advanced talks
  5. Compilation and analysis with LLVM. Basic discussion. Intro and LLVM Passes (F. Pereira, UFMG), also tutorial from 2015 LLVM Dev meeting
  6. Static analysis.. A discussion on value range analysis (J. Regehr, U. Utah).
    A paper on property simulation (see example for comparing different analyses)
  7. Memory vulnerabilities
  8. Fuzzing and symbolic execution. More details: AFL, KLEE


  1. File formats. Write an unzip program, and check it against some test archives (with some problems)
    archive with all zip files. File zipinfo.txt describes each zip.
  2. Assembly language. Exercises from the lab + one challenge
  3. Linking and loading: lab programs for function hooking and mprotect (also updated for 64 bits).
    Useful reference: GDB command summary
  4. Obfuscation. binary for use in the lab.
  5. Writing LLVM passes. Starting point and full code written in the lab
  6. Writing a clang checker. Tutorial. archive with code
  7. Memory corruption vulnerabilities. test program.
  8. Fuzzing and symbolic execution. buggy program and initial archive for AFL

Project suggestions


Other courses

Marius Minea
Last modified: Fri Nov 24 8:00:00 EET 2017