
Suppose I have a ton of test cases and my target is closed-source. Well, I need to know which test cases discover a new path in the execution of my target and which are duplicates. I know I have to use DBI frameworks such as DynamoRIO, Intel Pin and others. But I cannot figure out how to use them; in other words, I am confused about how I should save the trace map and check it for a ton of test cases!?

Another question is, how can we figure out whether a test case is good and interesting during fuzz testing? Just discovering a new path?

1 Answer


If you want to discover new test cases (or check that a test case is valuable) on a binary, the good way to go is to use tools such as KLEE (see this small tutorial).

The point is to use symbolic execution to try to cover a maximum of the possible execution paths which are in the binary.

So, I would advise you to take a deeper look at the symbolic execution approach.

  • 1
    Although symbolic execution is one way of measuring the value of test cases, it is not the only one. For example, coverage measures are also a valid approach (that fits the OP's intention of using dynamic instrumentation tools).
    – NirIzr
    Commented Jul 22, 2018 at 19:39
  • 1
    AFL comes to mind ...
    – 0xC0000022L
    Commented Nov 20, 2018 at 9:32
  • yes, definitely!
    – perror
    Commented Nov 20, 2018 at 10:39
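The comments point at the coverage-based alternative (as AFL does it) for deciding whether a test case is interesting and for weeding out duplicates. The following is an added, self-contained Python example, not code from the answerer, the commenters, or any of the tools named on the page. It assumes that each test case has already been run under a DBI tool and that the tool emitted the sequence of basic-block start addresses it executed; the addresses and traces below are constructed for illustration. It implements the AFL-style recipe: hash each (previous block, current block) pair into a fixed-size edge map, collapse hit counts into coarse buckets so that extra loop iterations do not count as novel, and keep only the test cases that contribute an (edge, bucket) pair never seen before.

```python
"""Coverage-based triage of test cases from basic-block traces.

Constructed example. Each trace is a list of basic-block start addresses,
in execution order, as a DBI tool (DynamoRIO, Pin, ...) would log them.
All addresses and traces here are made up for illustration.
"""
from typing import Dict, Iterable, List, Set, Tuple

MAP_SIZE = 1 << 16  # 64K edge slots, like AFL's shared-memory bitmap


def edge_index(prev_bb: int, cur_bb: int) -> int:
    """AFL-style edge id: hash the (prev, cur) block pair into a map index.

    Shifting prev right by one makes A->B and B->A land in different slots.
    """
    return ((prev_bb >> 1) ^ cur_bb) & (MAP_SIZE - 1)


def bucket(hits: int) -> int:
    """Collapse a hit count into AFL's buckets: 1, 2, 3, 4-7, 8-15, 16-31,
    32-127, 128+. Only a bucket change counts as new coverage, so a loop
    running 5 vs 6 times is not reported as a new path."""
    if hits == 0:
        return 0
    if hits <= 3:
        return hits
    if hits <= 7:
        return 4
    if hits <= 15:
        return 5
    if hits <= 31:
        return 6
    if hits <= 127:
        return 7
    return 8


def trace_to_coverage(trace: Iterable[int]) -> Dict[int, int]:
    """Return {edge_index: bucketed hit count} for one execution trace."""
    counts: Dict[int, int] = {}
    prev = 0  # virtual entry block, so the first real block also forms an edge
    for bb in trace:
        idx = edge_index(prev, bb)
        counts[idx] = counts.get(idx, 0) + 1
        prev = bb
    return {idx: bucket(n) for idx, n in counts.items()}


def triage(testcases: Dict[str, List[int]]) -> Tuple[List[str], List[str]]:
    """Walk the test cases in order. A case is kept if it produces at least
    one (edge, bucket) pair not seen in any earlier case; otherwise it is a
    duplicate from a coverage point of view."""
    seen: Set[Tuple[int, int]] = set()  # AFL's "virgin bits", as a set
    kept: List[str] = []
    duplicates: List[str] = []
    for name, trace in testcases.items():
        pairs = set(trace_to_coverage(trace).items())
        new_pairs = pairs - seen
        if new_pairs:
            seen |= new_pairs
            kept.append(name)
        else:
            duplicates.append(name)
    return kept, duplicates


# Constructed traces: tc_b repeats tc_a exactly; tc_c takes a different
# branch; tc_d loops in block 0x1010 five times (bucket 4); tc_e loops six
# times, which stays in the same bucket and so adds nothing new.
SAMPLE_TRACES: Dict[str, List[int]] = {
    "tc_a": [0x1000, 0x1010, 0x1040],
    "tc_b": [0x1000, 0x1010, 0x1040],
    "tc_c": [0x1000, 0x1020, 0x1040],
    "tc_d": [0x1000] + [0x1010] * 6 + [0x1040],
    "tc_e": [0x1000] + [0x1010] * 7 + [0x1040],
}


if __name__ == "__main__":
    kept, dupes = triage(SAMPLE_TRACES)
    print("kept:      ", kept)        # kept:       ['tc_a', 'tc_c', 'tc_d']
    print("duplicates:", dupes)       # duplicates: ['tc_b', 'tc_e']
```

To use this with real traces, replace `SAMPLE_TRACES` with one address list per test case read from your DBI tool's log; the triage itself needs nothing but the sequence of blocks. The set of `(edge, bucket)` pairs is the "trace map" the question asks about: persist it between runs and a new test case is interesting exactly when it adds a pair to it.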
