Category Archives: Static Code Analysis

A PoC of DoS attack in Elixir Actor Model

The naive way of using the Actor model in Elixir is using “receive” in a loop, which is then “spawn”d as a Erlang process. Unfortunately, a potential DoS attack could happen if the pattern matching is not coded carefully with … Continue reading

Posted in Programming, Security, Static Code Analysis | Tagged , , , , | Leave a comment

A pitfall of GenServer programming in Elixir

OTP as a programming platform/framework, empowers not only Erlang, but also Elixir. This post looks into a pitfall when programming GenServer in Elixir, and provides a potential solution. All callbacks in the GenServer behavior have a limited and pre-defined possible … Continue reading

Posted in Programming, Static Code Analysis | Tagged , , , , | Leave a comment

Malware Reverse Engineering – Part II

While most tools for MRE are staightforward, some of them require time, patience, and skills to show the full power. For static analysis, this means IDA; for dynamic analysis, it is OllyDbg (and WinDbg for Windows kernel debugging). In this … Continue reading

Posted in Security, Static Code Analysis | Tagged , , , , , , , , , | Leave a comment

Malware Reverse Engineering – Part I

I took a “Malware Reverse Engineering (MRE)” class last semeter and it was fun to me, partially because I was not a Windows person, though I am still not. What seems ridiculous to me is how trivial one can write … Continue reading

Posted in Security, Static Code Analysis | Tagged , , , , , , , , , | Leave a comment

Valgrind – dynamic code analysis tool – part VII – ERROR: ld.so: object ‘/dev/shm/valgrind/lib/valgrind/vgpreload_core-amd64-linux.so’ from LD_PRELOAD cannot be preloaded: ignored.

Recently encountered a ld error when starting 64-bit valgrind (3.7.0) for 64-bit binary. This is a bug in 3.7.0 and the fix will be submitted into 3.8.0. Detailed info could be found via (https://bugs.kde.org/show_bug.cgi?id=286270). As always, we could either checkout … Continue reading

Posted in Static Code Analysis | Tagged , , | Leave a comment

Valgrind – dynamic code analysis tool – part VI – configure: error: please use gcc >= 3.0 or clang >= 2.9

This post is trying to figure out the reason why configure of valgrind may report the error like this – configure: error: please use gcc >= 3.0 or clang >= 2.9 and the stupid workaround to make the building go … Continue reading

Posted in Static Code Analysis | Tagged , , | Leave a comment

Valgrind – dynamic code analysis tool – part V – valgrind: failed to start tool ‘memcheck’ for platform …

This post contains certain error message when ‘Valgrind’ is called:┬ávalgrind: failed to start tool ‘memcheck’ for platform ‘XXXXXX’: No such file or directory. There is a tricky question – can 32-bit valgrind be run on 64-bit platform? The answer is … Continue reading

Posted in Static Code Analysis | Tagged , , | Leave a comment