List of App Auditing Tools
Last update: December 30th, 2018
Windows Tools and Environment Setup
- VTune
- Debugging Tools for Windows - Includes WinDBG.
- Windows Performance Toolkit
- Symbols for Public MS APIs
- Leakdiag
- Process Explorer
- Dependency Walker
- Dependency Walker (OSS rewrite)
- VMMap - Process virtual and physical memory analysis utility.
- x64dbg - A new open source x64/x32 debugger for Windows.
- Mtuner - Leak and heap profiling
Linux Tools
- Valgrind
- Helgrind (A Valgrind tool. Specify --tool=helgrind). It will detect synchronisation errors.
- Clang analyzer - Must be built from source. Includes clang-format, which is useful.
Mac Tools
- OS X Graphics Tools (A separate download nowadays)
- Clang analyzer - Includes other binaries, including clang-format.
Thread Accounting
Windows Performance Toolkit can discover who owns a thread.
Process Explorer can be used to inspect threads. Use the Stack button to see the thread stack, which updates on the sample interval.
LLDB has two commands which can be run at a breakpoint:
thread list
bt all
CPU Profiling
- win Perfmon how-to
- win VTune Sampling
- win VTune Call Graph
- mac Instruments Time Profiler how-to
Graphics Profiling
- mac OpenGL Driver Monitor (part of OS X graphics tools)
- win MSVCRT alloc check
- Texture usage
  - OpenGL
    - win and linux GDebugger
    - mac OpenGL Profiler (does not sort by largest texture though)
Memory Leak
- linux Valgrind (also reportedly runs on Android)
- win MSVCRT alloc check
- win Leakdiag
Memory Alloc Tracing
- cocoa/OS X environment variables. Some notable ones:
  - NSDebugEnabled — turns on extra debug information in Foundation.
  - NSZombieEnabled — notifies when messages are incorrectly sent to deallocated objects.
  - MallocStackLogging — Record all methods that call a specific variable as args. Using the console, you can get a backtrace with the malloc_history command.
Miscellaneous Accountability
- win Process Explorer functionality:
  - Dump strings
  - Review memory mapped files
  - Confirm whether DEP is on by adding the Data Execution Prevention column
DLL Associations
- win Dependency Walker. Some things to look for:
  - Confirm no non-Microsoft DLLs outside of executable cwd (ex: python26.dll in system directory).
  - Confirm only one CRT dependency (no need for MSVCRT80 and MSVCRT90).
  - Profile and sort by file size.
- llvm toolchain Some LLDB commands:
  - Get a list of all loaded modules.
    target modules list
  - Dump the symtable from all target modules.
    target modules dump symtab
  - Find out why a function is included in the modules list.
    target modules lookup --address
Static Analyzers
- Visual Studio /analyze
- Clang --analyze
  - Use -Xanalyzer -analyzer-output=text to get an explanation of what’s actually going on.
- CPPCheck
Runtime Analyzers
- Mac and Linux Clang address sanitizer
- Linux Clang thread sanitizer (Mac support coming)
- Linux Clang memory sanitizer - Warning: Full binary instrumentation needed (even LibC).
Gotchas and unexpected events
- Clang and GCC -Wall does NOT warn if a member variable is uninitialized in a constructor.
- As of late 2013, many of the -fsanitize options to Clang are not stable on the latest Xcode and OS X.
Materials
- book Advanced Windows Debugging book
- video The Care and Feeding of C++’s Dragons
- blog Bruce Dawson’s blog - Bruce focuses on code correctness, efficiency and unicycles.