No Linux required
For quite a while I have intended to have a look at Valgrind, to have some real fun with C without having to guess where the errors are. Valgrind has been recommended to me by many very experienced people as "the solution". Nevertheless I didn't want a Linux VM. Even with Portable Ubuntu this sucks.
A new perspective for exploit development
Natively running Valgrind on Mac OS X is possible. The feature set doesn't include PPC.
But, and that's amazing, it does include memcheck for 32- and 64-bit Intel. The executable heap in Mac OS X 10.5.x is simply an introduction to writing exploits and smashing it. In the past I had major issues with MallocScribble, which simply didn't really catch pointer-based problems or give strategic information about potential heap overflows during fuzzing.
Memcheck is much more precise, and as it seems, the Valgrind port is extendable with the Chronicle recorder. I didn't test this yet.
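To show the kind of heap bug memcheck reports and MallocScribble does not pinpoint, here is an added example (my own, not code from the original post or from the Valgrind project): a string-duplication routine with an off-by-one heap write and a leak, next to a hardened version of the same routine. The program name, function names and the test strings are my own choices.

```c
/* Added example, not from the original post: an off-by-one heap write and a
 * leak that memcheck reports, beside a hardened version of the same routine.
 * Build: cc -g -O0 -o heapdemo heapdemo.c
 * Run:   valgrind --leak-check=full ./heapdemo
 * MallocScribble only fills allocated/freed blocks with a pattern, so it does
 * not report the one-byte overflow below; memcheck does, with a stack trace. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Vulnerable (intentionally): allocates strlen(src) bytes, so strcpy writes
 * the terminating NUL one byte past the end of the heap block.
 * memcheck reports this as "Invalid write of size 1". */
char *dup_unsafe(const char *src)
{
    char *dst = malloc(strlen(src));   /* off by one: no room for '\0' */
    if (dst == NULL)
        return NULL;
    strcpy(dst, src);                  /* writes strlen(src) + 1 bytes */
    return dst;
}

/* Number of bytes a NUL-terminated copy of s actually needs. */
size_t bytes_needed(const char *s)
{
    return strlen(s) + 1;
}

/* Hardened: reserve room for the terminator and check the allocation. */
char *dup_safe(const char *src)
{
    size_t n = bytes_needed(src);
    char *dst = malloc(n);
    if (dst == NULL)
        return NULL;
    memcpy(dst, src, n);               /* copies the terminator as well */
    return dst;
}

/* Round-trips s through dup_safe and frees the copy.
 * Returns 1 when the copy matches the input, 0 otherwise. */
int check_dup_safe(const char *s)
{
    char *copy = dup_safe(s);
    if (copy == NULL)
        return 0;
    int ok = strcmp(copy, s) == 0;
    free(copy);                        /* no leak for memcheck to report */
    return ok;
}

int main(void)
{
    const char *sample = "heap overflow demo";   /* constructed input */

    /* 1. Off-by-one write: memcheck flags the NUL store in dup_unsafe. */
    char *bad = dup_unsafe(sample);
    printf("unsafe copy: %s\n", bad);
    /* 2. Leak: 'bad' is never freed, so --leak-check=full lists it as
     *    "definitely lost" with the allocation stack. */

    /* 3. Hardened path: no report from memcheck. */
    printf("safe copy ok: %d\n", check_dup_safe(sample));
    return 0;
}
```

Under memcheck the unsafe path produces an "Invalid write" report pointing at the strcpy in dup_unsafe and a "definitely lost" record for the leaked block; the hardened path is silent. That is exactly the pointer-level information a fuzzing run needs and a scribble pattern alone cannot give.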
Current status
The latest Valgrind release for Mac OS X (3.3.1 r8180, VEX r1854) doesn't run perfectly on 10.5.6, but it works. Some syscalls are still unrecognized, but for analyzing the heap in particular it is a new era of breaking stuff and hardening it afterwards!
Have fun,
wishi