Hey Bro. Thank you for you're job! It's really help me to up my skills in binary research.

if you allow i want to say few words:

1 - it will be coool if you add some searching of one-byte-overflow.
for example when we use memcpy(var1,va2,len) and before len = strlen(some_heap_address)
something like that. this will reduce false-negative.

1.5 - i think it's possible to add some additional check to false-positive when we found something.
for example when we control var2 in memmove(var1, var2, len), but len is constant. or, len = &var1 - &var2 for example and &var1 > &var2

2 - if we try to analize some binary like "lighthttpd" - we get a fall. i dont know why :) but i can give some more log if needed.

Thank you again. Gr33t1ng5 fr0m Ukr41n3 👍

Awesome tool, by the way.

Not sure if this is due to something new in Binary Ninja or the particular binary I'm working on, but there are a lot of *printf calls that use an offset within a larger string that points to a format specifier, e.g:

snprintf(&var_2003c, 0x18, &(*"kill -15 %d")[9], blah)

VulnFanatic is flagging this as a format string vulnerability, presumably because it thinks it is pointing to some user-controlled buffer.

Hi! When I run the tool, the following problem occurs:

[Default] C:\Users\aaa\AppData\Roaming\Binary Ninja\plugins\VulnFanatic\scanner\scanner31.py:102: DeprecatedWarning: create_tag is deprecated as of 3.4.4146. Use add_tag instead.
[Default] tag = xref.function.source_function.create_tag(self.current_view.tag_types["[VulnFanatic] "+conf], f'{test["name"]}: {test["details"]}\n', True)
[Default] D:\Program Files\Vector35\BinaryNinja\plugins..\python\binaryninja\function.py:799: DeprecatedWarning: create_tag is deprecated as of 3.4.4146. Use add_tag instead
[Default] return self.view.create_tag(type, data, auto)
[Default] C:\Users...\AppData\Roaming\Binary Ninja\plugins\VulnFanatic\scanner\scanner31.py:103: DeprecatedWarning: add_user_address_tag is deprecated as of 3.4.4146. Use add_tag instead.
[Default] xref.function.source_function.add_user_address_tag(xref.address, tag)

This is a version issue. Binaryninja3.5+ replaces some of the list apis like create_tag with add_tag.
We can also find clues in the official documents. However, when I try to change the api, I get more errors.
Can you help solve this problem？

Best regards,
lst-oss

Hi. First off want to say that this is a pretty great tool and helps cut down on research time. Like everything it's prone to false positvies or negatives but it's been doing well so far.

Except when the C++ standard library is concerned. You see, these all point to the same call.

This very egregious result all points to one function. if you just glance over HLIL, you can see what might look like a double-free or use-after-free issue.

Except for the fact that if you actually look at the HLIL, it appears to be walking the arguments and freeing them. No occurence of freeing the same argument twice, nothing that looks like (to me) a use-after-free. Then again, I'm still learning the ropes of HLIL.

I can send the binary in question, though as it's a private affair it'd have to be over email or something. Either way, I'd suggest tuning the UaF/Double free/Free "issues" in general to be a lot less zealous, and if possible, ignore C++ standard library functions, because I doubt that if this were present, it'd have made it past the C++ standards committee.

Keep up the good work, regardless. Aside from the problems with free/operator delete, it has found actual bugs and does cut down on research time. If you can provide an email to where I can share the binary (and a few others that have had similar issues) I'd be happy to help you investigate the issue.

Best regards,
impost0r

Hello!

How are you?

A long time pass from my last using of you're plug-in.
I was happy seeing new version, but suddenly i found, that is doesn't work at all.

Nor errors or python crashes, niter any vulns.
So, i rolls back and it work again.

But throw python exceptions and leak a platy of memory.

So, what info should i send to help me and maybe other peoples to be happy?

:3