The Security Risk Detection fuzzer suite, like any fuzzer, executes the target application repeatedly, each time modifying the inbound data to maximize code coverage while causing hangs, leaks, exceptions, or crashes. To do this, the suite must be provided an entry-point executable, or EPE – that is, a program it can call – that takes a file path as an argument (either the sole argument or one of many).
Standard Form – Ready to Go
Many applications are their own EPE. Notepad, for example, and most text editors, most Office apps, media players, and so on, can be launched from the console with the target file as an argument:
> C:\Windows\System32\notepad.exe c:\someTestFile.txt
In Security Risk Detection, we say the application is in standard form – that is, the data parser you want to exercise is resident in (or is contained in a library loaded by) an executable that’s part of the application footprint and that can be called in this manner.
Nonstandard Forms Require a Harness
In many other cases, however, the code you want to test is not so conveniently packaged. For example, you might want to evaluate the security of a client/server application: this typically requires the server process or processes to be started before the client is invoked against them. Or you might have a DLL that you want to exercise, but there isn't an entry point defined in the file from which execution could commence.
These sorts of applications, services, and libraries require a test harness to bridge the gap: a custom executable that reads in file data and pipes or otherwise transmits the data to the target data parser so that the Security Risk Detection fuzzer suite can test it.
If the parser does not read a file but instead takes a data structure as input (e.g., a network packet), you can write a test driver that reads the contents of a file, creates an input data structure with the file content, and then calls the parser to be fuzzed with that data structure as argument. Such a test driver reduces fuzzing this parser to a file fuzzing scenario supported by Security Risk Detection. Fortunately, many fuzzing scenarios can be reduced to file fuzzing.
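As an added illustration of the harness and test-driver idea described above (example code, not part of the Security Risk Detection documentation), the following C program is an entry-point executable that takes a file path as its sole argument, reads the file, wraps the bytes in a packet structure and hands that structure to the parser under test. The packet layout, the struct name and the target_parse_packet stub are hypothetical stand-ins for whatever the real DLL exports; the harness itself validates the header so that a malformed input is rejected by the harness rather than being reported as a crash inside the target.

```c
/* Added example harness: every name and the packet layout are hypothetical. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical in-memory input the parser under test expects instead of a file. */
struct pkt {
    uint16_t type;
    uint16_t payload_len;
    const uint8_t *payload;
};

/* Stand-in for the real parser being fuzzed; swap in the DLL export here. */
int target_parse_packet(const struct pkt *p) {
    return p->type == 0 ? -1 : 0;   /* deliberately trivial: the harness is the point */
}

/* Wrap raw file bytes into the structure the parser expects.
 * Assumed header: 2-byte type, 2-byte payload length (little-endian), then payload.
 * Returns 0 on success, 1 when the bytes cannot form a valid pkt (harness-level
 * rejection, kept distinct from target behaviour), 2 when the target rejects it. */
int harness_run_buffer(const uint8_t *buf, size_t n) {
    struct pkt p;
    if (n < 4) return 1;                               /* too short for a header */
    p.type = (uint16_t)(buf[0] | (buf[1] << 8));
    p.payload_len = (uint16_t)(buf[2] | (buf[3] << 8));
    if ((size_t)p.payload_len > n - 4) return 1;       /* length field exceeds data */
    p.payload = buf + 4;
    return target_parse_packet(&p) == 0 ? 0 : 2;
}

/* Read the whole fuzzed file and pass it to the buffer entry point. */
int harness_run_file(const char *path) {
    FILE *f = fopen(path, "rb");
    if (!f) return 1;
    fseek(f, 0, SEEK_END);
    long sz = ftell(f);
    fseek(f, 0, SEEK_SET);
    if (sz < 0) { fclose(f); return 1; }
    uint8_t *buf = malloc((size_t)sz + 1);             /* +1 so a 0-byte file still allocates */
    if (!buf || fread(buf, 1, (size_t)sz, f) != (size_t)sz) { free(buf); fclose(f); return 1; }
    fclose(f);
    int rc = harness_run_buffer(buf, (size_t)sz);
    free(buf);
    return rc;
}

/* The EPE: argv[1] is the file the fuzzer rewrites on every iteration. */
int main(int argc, char **argv) {
    if (argc < 2) { fprintf(stderr, "usage: %s <input-file>\n", argv[0]); return 1; }
    return harness_run_file(argv[1]);
}
```

Point the fuzzer at the compiled harness with a seed file as its argument; the harness does no other I/O, so each run is deterministic and any crash observed belongs to target_parse_packet.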