1.LibFuzzer workshop学习之路(final)
2.java webçå¼åç¨ä»ä¹å¼åå·¥å
·ï¼
3.å¦ä½å¶ä½çµå书ï¼
LibFuzzer workshop学习之路(final)
libfuzzer workshop是源码一次深入的fuzzing学习之旅,本文精选最后两个案例 - 针对re2和pcre2的源码fuzz,深入探讨了链接库选择、源码插桩编译参数设置及max_len对结果的源码lua require 源码影响。
以pcre2为例,源码作为Perl兼容的源码正则表达式库,其在许多开源软件中被广泛使用。源码进行源码编译时,源码需注意通过特定插桩参数优化编译效率。源码设置如fuzzer-no-link参数来确保不链接主符号,源码尤其在处理大型项目时,源码编辑板源码能显著提升fuzz效率。源码
编译过程中,源码根据pcre2的源码特性添加了如--with-match-limit和--with-match-limit-recursion限制匹配操作的资源使用和递归深度,以及--enable-never-backslash-C禁用特定正则模式,源码优化匹配过程。osek vdx源码之后,分析提供的harness实现逻辑,结合参数优化执行,很快得到了crash现象。研究崩溃发生的web主页源码具体位置,定位漏洞所在函数,并一步步追溯其调用链,对整个过程的细节进行了详尽的剖析。
针对re2库的fuzzing,展示了max_len选择对fuzz过程的viewgroup 源码解析重要性。不同长度设置下的探测效果差异显著,max_len值决定样本长度范围,从而影响寻找覆盖点的速度。通过对比不同max_len的探测结果,可以清晰地看到其对fuzz效率的影响,合理选择max_len值可以显著提升发现crash的概率。
学习总结指出,在libfuzzer workshop中,libfuzzer作为强大而常用的fuzz工具,其对开源库接口函数的fuzz能力突出。然而,设计合适的harness是挑战,需要深入了解要fuzz的开源库接口,通过逐步优化来接近发现crash的目标。
本文展示了libfuzzer workshop的关键点,从源码准备、参数优化到harness的构造和性能调优,再到深入分析crash定位和漏洞修复策略,全面展示了学习libfuzzer的深度与广度。
java webçå¼åç¨ä»ä¹å¼åå·¥å ·ï¼
1ãJDK ï¼Java Development Kitï¼Javaå¼åå·¥å ·é
SUNçJavaä¸ä» æäºä¸ä¸ªä¸°å¯çè¯è¨åè¿è¡ç¯å¢ï¼èä¸è¿æäºä¸ä¸ªå è´¹çJavaå¼åå·¥å ·é(JDK)ãå¼å人ååæç»ç¨æ·å¯ä»¥å©ç¨è¿ä¸ªå·¥å ·æ¥å¼åjavaç¨åºã
ããJDKç®åæå¦ï¼å¯ä»¥éè¿ä»»ä½ææ¬ç¼è¾å¨ï¼å¦ï¼Windows è®°äºæ¬ãUltrEditãEditplusãFrontPage以ådreamweaverçï¼ç¼åJavaæºæ件ï¼ç¶åå¨DOSç¶åµä¸å©éè¿javacå½ä»¤å°Javaæºç¨åºç¼è¯æåèç ï¼éè¿Javaå½ä»¤æ¥æ§è¡ç¼è¯åçJavaæ件ï¼è¿è½å¸¦ç»DOSæ¶ä»£ç¨åºåç¾å¥½çåå¿ãJava åå¦è ä¸è¬é½éç¨è¿ç§å¼åå·¥å ·ã
ããä»åå¦è è§åº¦æ¥çï¼éç¨JDKå¼åJavaç¨åºè½å¤å¾å¿«ç解ç¨åºä¸åé¨å代ç ä¹é´çå ³ç³»ï¼æå©äºç解Javaé¢å对象ç设计ææ³ãJDKçå¦ä¸ä¸ªæ¾èç¹ç¹æ¯éçJava ï¼J2EEãJ2SE以åJ2MEï¼çæ¬çå级èå级ãä½å®ç缺ç¹ä¹æ¯é常ææ¾çå°±æ¯ä»äºå¤§è§æ¨¡ä¼ä¸çº§Javaåºç¨å¼åé常å°é¾ï¼ä¸è½è¿è¡å¤æçJava软件å¼åï¼ä¹ä¸å©äºå¢ä½ååå¼åã
2ãJava Workshop
Sun MicroSystemså ¬å¸äºæ¨åºäºJava WorkShop 1.0ï¼è¿æ¯ä¸çåºç°ç第ä¸ä¸ªä¾Internetç½ä½¿ç¨çå¤å¹³å°å¼åå·¥å ·ï¼å®å¯ä»¥æ»¡è¶³åå ¬å¸å¼åInternetåIntranetç½åºç¨è½¯ä»¶çéè¦ãJava WorkShopå®å ¨ç¨Javaè¯è¨ç¼åï¼æ¯å½ä»å¸åºä¸éå®ç第ä¸ä¸ªå®å ¨çJavaå¼åç¯å¢ï¼ç®åJava WorkShopçææ§çæ¬æ¯3.0ãJava Workshopçç¹ç¹è¡¨ç°å¦ä¸ï¼
ãã1ï¼ç»ææäºå建ï¼å¨å建平å°ä¸ç«çç½æ ¼ç»ææ¹é¢ï¼Java Workshopæ¯å ¶ä»ä»»ä½ä¸ç§Javaå¼åå·¥å ·é½è¦æ¹ä¾¿ã
ãã2ï¼å¯è§åç¼ç¨ï¼Java Workshopçå¯è§åç¼ç¨ç¹æ§æ¯å¾åºæ¬çãJava Workshopå 许ç¨åºåéæ°å®æè¿äºæä½ï¼çè³å¯ä»¥ç¡®å®è§¦åæä½è¡ä¸ºçè¿æ»¤å¨ãJava Workshop产çç模æ¿å¸¦æ许å¤æ³¨éï¼è¿å¯¹ç¨åºåæ¯å¾æ帮å©çã
ããæ¤å¤ï¼Java WorkShopæ¯æJDK以åJavaBeansç»ä»¶æ¨¡åï¼APIåè¯è¨ç¹å¾å¢å äºç¼è¯Javaåºç¨ç¨åºççµæ´»æ§ã Java WorkShopå¼åç¯å¢ç±äºå®å ¨ç¨Javaåæï¼æ以å¯ç§»æ¤æ§æ好,以è´äºå¤ä¸ªå¹³å°é½è½æ¯æ,ç®åJava WorkShopæ¯æSolarisæä½ç¯å¢SPARCåIntel çï¼ãWindowsãWindowsNTã以åHP/Uxçå¹³å°ãéåäºåå¦è è¿è¡ä¸äºç®åçJavaç¼ç¨ãJava WorkShopç缺ç¹æ¯Java Workshopä¸çæ¯ä¸ä¸ªå¯è§å对象é½è¿æ©ä¼ç¨å°ç½æ ¼å¸å±ï¼è¿ç§è®¾è®¡æ¹æ³æ¯è®¸å¤äººä¸ä¹ æ¯çï¼Java Workdshopçè°è²æ¿æ¯è¾å·®çï¼ä» ä» è½æ»¡è¶³ç»å¤§é¨ååºç¨çåºæ¬è¦æ±ã
3ãNetBeans ä¸Sun Java Studio 5
æ¯å¼æ¾æºç çJavaéæå¼åç¯å¢(IDE)ï¼éç¨äºåç§å®¢æ·æºåWebåºç¨ãSun Java Studioæ¯Sunå ¬å¸ææ°åå¸çåç¨å ¨åè½Java IDEï¼æ¯æSolarisãLinuxåWindowså¹³å°ï¼éäºå建åé¨ç½²2å±Java Webåºç¨ånå±J2EEåºç¨çä¼ä¸å¼å人å使ç¨ã
ããNetBeansæ¯ä¸ç第ä¸æ¬¾æ¯æåæ°åJavaå¼åçå¼æ¾æºç IDEãå¼å人åå¯ä»¥å©ç¨ä¸ç强大çå¼åå·¥å ·æ¥æ建æ¡é¢ãWebæ移å¨åºç¨ãåæ¶ï¼éè¿NetBeansåå¼æ¾çAPIç模ååç»æï¼ç¬¬ä¸æ¹è½å¤é常轻æ¾å°æ©å±æéæNetBeanså¹³å°ã
ããNetBeans主è¦é对ä¸è¬Java软件çå¼åè ï¼èJava One Studio5å主è¦é对ä¼ä¸åç½ç»æå¡çåºç¨çå¼åè ãSunä¸ä¹ è¿å°æ¨åºProject Raveï¼å ¶ç®æ æ¯å¸®å©ä¼ä¸çå¼åè è¿è¡è½¯ä»¶å¼åã
NetBeans
etBeans çæ¬ä¸å ¶ä»å¼åå·¥å ·ç¸æ¯ï¼æ大åºå«å¨äºä¸ä» è½å¤å¼ååç§å°å¼æºä¸çåºç¨ï¼èä¸å¯ä»¥ç¨æ¥å¼åç½ç»æå¡æ¹é¢çåºç¨ï¼å¯ä»¥å¼ååºäºJ2MEç移å¨è®¾å¤ä¸çåºç¨çãå¨NetBeans 3.5.1åºç¡ä¸ï¼Sunå¼ååºäºJava One Studio5ï¼ä¸ºç¨æ·æä¾äºä¸ä¸ªæ´å å è¿çä¼ä¸ç¼ç¨ç¯å¢ãå¨æ°çJava One Studio5éæä¸ä¸ªåºç¨æ¡æ¶ï¼å¼åè å¯ä»¥å©ç¨è¿äºæ¨¡åå¿«éå¼åèªå·±å¨ç½ç»æå¡æ¹é¢çåç§åºç¨ç¨åºã
4ãBorland çJBuilder
Jbuilderè¿å ¥äºJavaéæå¼åç¯å¢ççå½ï¼å®æ»¡è¶³å¾å¤æ¹é¢çåºç¨ï¼å°¤å ¶æ¯å¯¹äºæå¡å¨æ¹ä»¥åEJBå¼åè 们æ¥è¯´ãä¸é¢ç®åä»ç»ä¸ä¸Jbuilderçç¹ç¹:
ãã1ï¼Jbuilderæ¯æææ°çJavaææ¯ï¼å æ¬AppletsãJSP/ServletsãJavaBean以åEJB(Enterprise JavaBeans)çåºç¨ã
ãã2ï¼ç¨æ·å¯ä»¥èªå¨å°çæåºäºå端æ°æ®åºè¡¨çEJB Javaç±»ï¼Jbuilderåæ¶è¿ç®åäºEJBçèªå¨é¨ç½²åè½.æ¤å¤å®è¿æ¯æCORBAï¼ç¸åºçå导ç¨åºæå©äºç¨æ·å ¨é¢å°ç®¡çIDL(åå¸åºç¨ç¨åºæå¿ éçæ¥å£å®ä¹è¯è¨Interface Definition Language)åæ§å¶è¿ç¨å¯¹è±¡ã
ãã3ï¼Jbuilderæ¯æåç§åºç¨æå¡å¨ãJbuilderä¸Inprise Application Serverç´§å¯éæï¼åæ¶æ¯æWebLogic Serverï¼æ¯æEJB 1.1åEJB 2.0ï¼å¯ä»¥å¿«éå¼åJ2EEççµååå¡åºç¨ã
ãã4ï¼Jbuilderè½ç¨ServletåJSPå¼ååè°è¯å¨æWeb åºç¨ã
ãã5ï¼å©ç¨Jbuilderå¯å建(没æä¸æ代ç åæ è®°)纯Java2åºç¨ãç±äºJbuilderæ¯ç¨çº¯Javaè¯è¨ç¼åçï¼å ¶ä»£ç ä¸å«ä»»ä½ä¸å±ä»£ç åæ è®°ï¼å®æ¯æææ°çJavaæ åã
ãã6ï¼Jbuilderæ¥æä¸ä¸åçå¾å½¢è°è¯ä»é¢ï¼æ¯æè¿ç¨è°è¯åå¤çº¿ç¨è°è¯ï¼è°è¯å¨æ¯æåç§JDKçæ¬,å æ¬J2ME/J2SE/J2EEã
ããJBuilderç¯å¢å¼åç¨åºæ¹ä¾¿ï¼å®æ¯çº¯çJava å¼åç¯å¢ï¼éåä¼ä¸çJ2EEå¼åï¼ç¼ºç¹æ¯å¾å¾ä¸å¼å§äººä»¬é¾äºææ¡æ´ä¸ªç¨åºåé¨åä¹é´çå ³ç³»ï¼å¯¹æºå¨ç硬件è¦æ±è¾é«ï¼æ¯è¾åå åï¼è¿æ¶è¿è¡é度æ¾å¾è¾æ ¢ã
5ãOracle çJDeveloper
Oracle9i JDeveloperï¼å®ä¸º9.0çï¼ææ°ä¸ºgï¼ä¸ºæå»ºå ·æJ2EEåè½ï¼XMLåWeb servicesçå¤æçï¼å¤å±çJavaåºç¨ç¨åºæä¾äºä¸ä¸ªå®å ¨éæçå¼åç¯å¢ãå®ä¸ºè¿ç¨Oracle9iæ°æ®åºååºç¨æå¡å¨çå¼å人åæä¾ç¹æ®çåè½åå¢å¼ºæ§è½ï¼é¤æ¤ä»¥å¤ï¼å®ä¹æèµæ ¼æ为ç¨äºå¤ç§ç¨éJavaå¼åçä¸ä¸ªå¼ºå¤§çå·¥å ·ã
ããOracle9i JDeveloperç主è¦ç¹ç¹å¦ä¸ï¼
ããâ å ·æUMLï¼Unified Modeling Languageï¼ä¸ä½å建模è¯è¨ï¼å»ºæ¨¡åè½ãå¯ä»¥å°ä¸å¡å¯¹è±¡åe-businessåºç¨æ¨¡ååã
ããâ¡ é å¤æé«éJavaè°è¯å¨ï¼Debugerï¼ãå ç½®Profilingå·¥å ·ãæé«ä»£ç è´¨éçå·¥å ·âCodeCoachâçã
ãã⢠æ¯æSOAPï¼Simple Object Access Protocolï¼âç®å对象访é®åè®®âãUDDIï¼Universal Description, Discovery and Integrationï¼âç»ä¸æè¿°ãåç°åéæåè®®âãWSDLï¼Web Services Description Languageï¼âWEBæå¡æè¿°è¯è¨âçWebæå¡æ åã
ããJDeveloper ä¸ä» ä» æ¯å¾å¥½ç Java ç¼ç¨å·¥å ·ï¼èä¸æ¯ Oracle Web æå¡ç延伸ï¼æ¯æ Apache SOAPï¼ä»¥å 9iAS ï¼å¯æ©å çç¯å¢å XML å WSDL è¯è¨ç´§å¯ç¸å ³ãOracle9i Jdeveloperå®å ¨å©ç¨Javaç¼åï¼è½å¤ä¸ä»¥åçOracleæå¡å¨è½¯ä»¶ä»¥åå ¶ä»ååæ¯æJ2EEçåºç¨æå¡å¨äº§åç¸å ¼å®¹ï¼èä¸å¨è®¾è®¡æ¶çéé对Oracle9iï¼è½å¤æ ç¼å跨平å°ä¹é´çåºç¨å¼åï¼æä¾äºä¸ç第ä¸ä¸ªå®æ´çãéæäºJ2EEåXMLçå¼åç¯å¢ï¼å 许å¼åè å¿«éå¼åå¯ä»¥éè¿Webãæ 线设å¤åè¯é³çé¢è®¿é®çWebæå¡å交æåºç¨ï¼ä»¥å¾åªè½éè¿å°ä¼ ç»Javaç¼ç¨æå·§ä¸ææ°æ¨¡ååæ¹å¼ç»åå°ä¸ä¸ªåä¸éæçå¼åç¯å¢ä¸ä¹åæè½å®æJ2EEåºç¨å¼åçå½å¨æ管ççäºå®ï¼ä»æ ¹æ¬ä¸å¾å°æ¹åã缺ç¹å°±æ¯å¯¹äºåå¦è æ¥è¯´ï¼è¾å¤æï¼ä¹æ¯è¾é¾ã
6ãIBMçVisual Age for Java
Visual Age for Javaæ¯ä¸ä¸ªé常æççå¼åå·¥å ·ï¼å®çç¹æ§ä»¥äºITå¼åè åä¸ä½çJavaç¼ç¨äººåæ¥è¯´é½æ¯é常ç¨æç¨çãå®æä¾å¯¹å¯è§åç¼ç¨ç广æ³æ¯æï¼æ¯æå©ç¨CICSè¿æ¥éä¼ å¤§åæºåºç¨ï¼æ¯æEJBçå¼ååºç¨ï¼æ¯æä¸Websphereçéæå¼åï¼æ¹ä¾¿çbeanå建åè¯å¥½çå¿«éåºç¨å¼å(RAD)æ¯æåæ æ件å¼çæ件å¤çã
ããIBM为建设Webç«ç¹ææ¨åºçWebSphere Studio Advanced Editionåå ¶å å«çVisualAge for Java Professional Editionè½¯ä»¶å·²å ¨é¢è½¬å以Java为ä¸å¿ï¼è¿æ ·ï¼Javaå¼å人å对WebSphereå ¨å¥å·¥å ·çæè§æ许ä¼å¥½äºè®¸å¤ãStudioææä¾çå·¥å ·æï¼Webç«ç¹ç®¡çãå¿«éå¼å JDBC页å导ç¨åºãHTMLç¼è¾å¨åHTMLè¯æ³æ£æ¥çãè¿ç¡®å®æ¯ä¸ªä¸éçHTMLç«ç¹é¡µé¢ç¼è¾ç¯å¢ãStudioåVisualAgeéæ度å¾é«ï¼èåä¸æä¾äºå¨ä¸¤ç§è½¯ä»¶å ä¹é´å¿«é移å¨ä»£ç çé项ãè¿å°±è®©ä½¿ç¨StudioçWeb页é¢è®¾è®¡äººåå使ç¨VisualAgeçJavaç¨åºåå¯ä»¥ç¸äºäº¤æ¢æ件ãååå·¥ä½ã
ããVisual Age for Javaæ¯æå¢éå¼åï¼å ç½®ç代ç åºå¯ä»¥èªå¨å°æ ¹æ®ç¨æ·ååºæ¹å¨èä¿®æ¹ç¨åºä»£ç ï¼è¿æ ·å°±å¯ä»¥å¾æ¹ä¾¿å°å°ç®å代ç åæ©æçæ¬ååºæ¯è¾ãä¸Visual Ageç´§å¯ç»åçWebsphere Studioæ¬èº«å¹¶ä¸æä¾æºä»£ç åçæ¬ç®¡ççæ¯æï¼å®åªæ¯å å«äºä¸ä¸ªå ç½®æ件éå®ç³»ç»,å½ç¼è¾é¡¹ç®çæ¶åå¯ä»¥é²æ¢å ¶ä»äººå¯¹è¿äºæ件çé误修æ¹ï¼è½¯ä»¶è¿æ¯æ诸å¦Microsoft Visual SourceSafeè¿æ ·ç第ä¸æ¹æºä»£ç æ§å¶ç³»ç»ãVisual Age for Javaå®å ¨é¢å对象çç¨åºè®¾è®¡ææ³ä½¿å¾å¼åç¨åºé常快éãé«æãä½ å¯ä»¥ä¸ç¼åä»»ä½ä»£ç å°±å¯ä»¥è®¾è®¡åºä¸ä¸ªå ¸åçåºç¨ç¨åºæ¡æ¶ãVisual Age for Javaä½ä¸ºIBMçµååå¡è§£å³æ¹æ¡å ¶ä¸äº§åä¹ä¸ï¼å¯ä»¥æ ç¼å°ä¸å ¶ä»IBM产åï¼å¦WebSphereãDB2èå, è¿ éå®æä»è®¾è®¡ãå¼åå°é¨ç½²åºç¨çæ´ä¸ªè¿ç¨ã
ããVisual Age for Javaç¬ç¹ç管çæ件æ¹å¼ä½¿å ¶éæå¤é¨å·¥å ·é常å°é¾,ä½ æ æ³è®©Visual Age for Javaä¸å ¶ä»å·¥å ·ä¸èµ·èåå¼ååºç¨ã
7ãBEA ç WebLogic Workshop
BEA WebLogic Workshopæ¯ä¸ä¸ªç»ä¸ãç®åãå¯æ©å±çå¼åç¯å¢ï¼ä½¿ææçå¼å人åé½è½å¨ BEA WebLogic Enterprise Platformä¹ä¸æ建åºäºæ åçä¼ä¸çº§åºç¨ï¼ä»èæé«äºå¼åé¨é¨çç产åæ°´å¹³ï¼å å¿«äºä»·å¼çå®ç°ã
ããWebLogic Workshopé¤äºæä¾ä¾¿æ·çWebæå¡ä¹å¤ï¼å®è½å¤ç¨äºå建æ´å¤ç§ç±»çåºç¨ãä½ä¸ºæ´ä¸ªBEA WebLogic Platformçå¼åç¯å¢ãä¸ç®¡æ¯å建é¨æ·åºç¨ãç¼åå·¥ä½æµãè¿æ¯å建Webåºç¨ï¼Workshop 8.1é½å¯ä»¥å¸®å©å¼å人åæ´å¿«æ´å¥½å°å®æã
å¦ä½å¶ä½çµå书ï¼
å è´¹çå¨çº¿å¶ä½çµå书平å°æ¨è使ç¨äºå±ç½ãäºå±ç½ä¸é®å¶ä½ï¼å¿«éå享ï¼å¤ç»´åº¦æ°æ®åæï¼ä¸ç«å¼ç²¾åè¥éãæ¯æå ¨ææ£ç´¢/ç®å½/书橱书æ¶/ä¸è½½ç¦»çº¿çé 读çåè½ï¼æä½ç®å便æ·ã
äºå±ç½çä¼ç¹ï¼
1ãå¯ä¸ä¼ PDF/PPT/Word/å¾çï¼å¦ææ/å®£ä¼ å/æå¿/å å/ææ¡£çï¼
2ãæ¯æ页é¢æ·»å æå/å¾ç/è§é¢/é³é¢/çµè¯/é¾æ¥/å¨ç»ï¼
3ãçæé¾æ¥/äºç»´ç å°ç¨åºï¼ææº/å¹³æ¿/çµèå¯é 读(读è æ é注å)ï¼
4ãæ¯æå ¨ææ£ç´¢/ç®å½/书橱书æ¶/ä¸è½½ç¦»çº¿çé 读çåè½ãç¹å»é©¬ä¸å¼å¯å¶ä½ä¹æ
æ³è¦äºè§£æ´å¤å ³äºå¶ä½çµå书çç¸å ³ä¿¡æ¯ï¼æ¨èéæ©ä¸å½©ä¿¡æ¯æä¸çäºå±ç½ã使ç¨äºå±ç½å¶ä½æç¬ç«ççµå书ï¼ä»¥é¾æ¥åäºç»´ç çæ¹å¼å享åºå»ï¼ä¾¿äºå«äººé 读ï¼æ´æ¯ä¾¿äºæ¨å¹¿ï¼å¯éæ¶ä¿®æ¹ç»åå 容ï¼èé¾æ¥/äºç»´ç ä¸ä¼åï¼è½¬æ¢å³èªå¨çæ3D翻书ææï¼ä¼ä¸çº§ä¼åè¿å¯ä»¥æ·»å å¤åªä½ï¼è®©ä¹¦æ¬æ´çå¨æ趣ï¼æåé 读ä½éªï¼è®©è¯»è æ´æ¿æç¿»é ã