A plugin for Zelos to enhance crash triaging by performing dataflow & root cause analysis.
This plugin has an optional dependency on the graphviz package to render control flow graphs to png. The graphviz python package can be installed normally via pip install graphviz, but Graphviz itself must also be installed locally. Instructions for installing Graphviz locally can be found here.
If you do not wish to install the graphviz package or Graphviz, you can safely ignore this optional dependency and zelos-crashd will still work as intended, but control flow graphs will not be rendered to png.
Install from PyPI
$ pip install zelos-crashd
Or install directly from the repo
$ git clone https://github.com/zeropointdynamics/zelos-crashd.git
$ cd zelos-crashd
$ pip install .
Alternatively, install an editable version for development
$ git clone https://github.com/zeropointdynamics/zelos-crashd.git
$ cd zelos-crashd
$ pip install -e '.[dev]'
CrasHD Visualizer is a VS Code extension for visualizing the results & output of this plugin that features:
- Contextual source code highlighting
- Interactive graph of data flow
- Additional context & runtime information
CrasHD Examples is a collection of reproducible crashes that can be used with this plugin.
The following snippets use the example from examples-crashd/afl_training/vulnerable.c
After compiling the above example (vulnerable.c) you can emulate the binary using zelos:
$ zelos vulnerable < inputs/crashing_input
To gain more information on the crashing program, use the --taint and --taint_output flags to keep track of dataflow leading from the crash. When the --taint flag is used, Zelos will calculate the dataflow and taint information related to the crash. --taint_output terminal specifies that the output of --taint is written to stdout.
$ zelos --taint --taint_output terminal vulnerable < inputs/crashing_input