Meditation, The Art of Exploitation

Thinking? At last I have discovered it--thought; this alone is inseparable from me. I am, I exist--that is certain. But for how long? For as long as I am thinking. For it could be, that were I totally to cease from thinking, I should totally cease to exist....I am, then, in the strict sense only a thing that thinks.

Thursday, January 11, 2007

source code auditing and profiling

I've recently stumbled upon this source code auditing software called splint ( It can be used to identify many security related issues statically at source code level. The manual is very comprehensive.

There is also a very good profiling software called oprofile ( with decent performance and profiling capabilities. I used to use histx on itanium2 based hardware. These softwares provide similar functions (namely sampling and reporting of hardware events)

Together with valgrind, these tools can be very valuable to identify software problems, security, performance, memory leak etc.