README for bfbtester (Brute Force Binary Tester) v1.0
Copyright 2000 Mike Heffner <spock@techfour.net>

I N T R O

bfbtester is a quick hack I put together to do some basic overflow
tests on binary programs. It probably won't catch everything wrong or
every program, but it's pretty good at catching the bad
ones. bfbtester can either run tests on a single binary or walk
through a whole directory of binaries. Currently bfbtester tests for
argument overflows and environment variable overflows.

The syntax for bfbtester is as follows:

bfbtester -(asme) [-d level] [-r rejects] BinOrDir

a, s, m, and e are the tests that it will run

s: Runs the single argument tests, and consists of three tests:
	1. Option (-?) plus argument in short form
	2. Option (-?) plus argument in long form
	3. One argument in long form
m: Runs the multiple argument tests, and consists of four tests:
	1. Option (-?) + argument + argument
	2. Option (-?) + argument + option + argument
	3. Option (-?) + argument + option + argument + argument
	4. Two arguments
e: Runs the environment variable tests, will test all env variables in 
	a list of common env. variables. Will also test with a single long
	argument.
a: Selects all three tests.

NOTE: You must select at least one test to run.

d: Selects debugging level. Highest is 1, default 0.

r: Specify a comma separated list of binaries to skip (i.e. not
	test). A good one to skip is 'kill'

BinOrDir: The directory of binaries or individual binary to test.

EXAMPLES:

bfbtester -s /usr/bin
	Runs single arg tests on all binaries in /usr/bin
bfbtester -a /bin/cat
	Runs all tests on /bin/cat
bfbtester -me -r kill /bin/kill
	Does nothing


N O T E S

Before I wrote this program I knew nothing about threads, and well I
still don't know much, so the thread handling is probably pretty poor, 
but it seems to work.

Sometimes it will get wedged on exit, especially if you only are doing 
short tests. I think it has something to do with the threads and my
cleanup routines, but not sure how to fix it. If you're running short
tests and it freezes up on exit for a long time, just kill it.

The following is a crash record:
<>Crash<>
** Binary:     /usr/bin/ftp
** Signal:     11 (Segmentation fault)
** Core?:      Yes
** Args:       [10240]
** Longenvs:   PATH=[10235]

The crash reports use a [num] to signify a word num characters long,
so the above is similar to the following command:

$ PATH=AAA...AAA ftp AAA...AAA
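
Added example (not part of bfbtester or the original README): a Python
helper that parses crash records in the format shown above and expands
each [num] into a word of that length, giving the argv and environment
needed to re-run a reported crash under a debugger for triage. It assumes
the filler character 'A' from the command above and that multiple Args or
Longenvs entries are separated by whitespace; the function names are
hypothetical.

```python
import re

# Constructed sample: the crash record shown in this README.
SAMPLE = """<>Crash<>
** Binary:     /usr/bin/ftp
** Signal:     11 (Segmentation fault)
** Core?:      Yes
** Args:       [10240]
** Longenvs:   PATH=[10235]
"""

FIELD = re.compile(r"^\*\*\s+([^:]+):\s*(.*)$")   # "** Name:   value"
WORD = re.compile(r"\[(\d+)\]")                   # "[num]" placeholder


def expand(text, fill="A"):
    """Replace every [num] with a word of num fill characters.
    Assumption: 'A' as filler, taken from the README's example command."""
    return WORD.sub(lambda m: fill * int(m.group(1)), text)


def parse_records(report):
    """Split a report on <>Crash<> markers and return one dict per record."""
    records = []
    for chunk in report.split("<>Crash<>")[1:]:
        fields = {}
        for line in chunk.splitlines():
            m = FIELD.match(line.strip())
            if m:
                fields[m.group(1).strip()] = m.group(2).strip()
        records.append(fields)
    return records


def reproduction(record):
    """Return (argv, env, signal number) for re-running one crash record.
    Assumption: multiple Args/Longenvs entries are whitespace-separated."""
    argv = [record["Binary"]] + [expand(a) for a in record.get("Args", "").split()]
    env = {}
    for item in record.get("Longenvs", "").split():
        name, _, value = item.partition("=")
        env[name] = expand(value)
    signal = int(record["Signal"].split()[0])
    return argv, env, signal
```

The returned argv and env can be passed to subprocess.run(argv, env=env)
on a test machine to confirm the crash before inspecting the core file.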





Have fun,

Mike Heffner