git clone https://github.com/google/gwpsan.git
CC=<path to clang-18 or later>
CXX=<path to clang++-18 or later>
bazel build --action_env=CC="$CC" --action_env=CXX="$CXX" -c opt
$( [[ $(uname -m) == "x86_64" ]] && echo --config=x86_64 )
//gwpsan/unified:libgwpsan.so //gwpsan/unified:gwpsan_archive
GWPSAN_CFLAGS=-fexperimental-sanitize-metadata=atomics,uar
clang++ $GWPSAN_CFLAGS -c example.cpp -o example.o
...
clang++ -o example example.o ...
-Wl,--whole-archive "${GWPSAN_ROOT}/bazel-bin/gwpsan/unified/libgwpsan.a" -Wl,--no-whole-archive
clang++ $GWPSAN_CFLAGS -c example.cpp -o example.o
...
clang++ -o example example.o ...
LD_PRELOAD="${GWPSAN_ROOT}/bazel-bin/gwpsan/unified/libgwpsan.so" ./example
启用采样和工具
-
tsan:检测数据竞争,启用和禁用命令为GWPSAN_OPTIONS=tsan=0/1; -
uar:检测使用后返回错误,启用和禁用命令为GWPSAN_OPTIONS=uar=0/1; -
lmsan:检测未初始化值的使用,启用和禁用命令为GWPSAN_OPTIONS=lmsan=0/1;
GWPSAN_OPTIONS=sample_interval_usec=1000000:halt_on_error:tsan:uar:lmsan
CC=<path to clang-18 or later>
CXX=<path to clang++-18 or later>
bazel test --action_env=CC="$CC" --action_env=CXX="$CXX" --config=dev
$( [[ $(uname -m) == "x86_64" ]] && echo --config=x86_64 )
//gwpsan/...
原文始发于微信公众号(FreeBuf):GWPSan:一款基于数据采样的二进制代码动态安全检测框架
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
- 右白虎
- 微信扫一扫
评论