[ANN] lbcv 0.2 - A bytecode verifier for Lua 5.2

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: [ANN] lbcv 0.2 - A bytecode verifier for Lua 5.2
From: Peter Cawley <lua@...>
Date: Wed, 15 Dec 2010 14:51:31 +0000

>From my experience of trying to abuse Lua bytecode, I've decided to
attack the other side of the problem, and attempt to write a module
which verifies Lua 5.2 bytecode as non-malicious. The fruits of this
effort are the following module, which I've named lbcv:

http://code.google.com/p/lbcv/

lbcv is MIT licensed, and hence comes with no warranty of correctness,
but has correctly classified all the malicious bytecode I've thrown at
it, as well as correctly classifying as non-malicious all the
code-generator generated code I've thrown at it. The approach used is
to trace the execution of the bytecode, keeping track of the state of
each virtual machine register at every possible reachable instruction.

Follow-Ups:
- Re: [ANN] lbcv 0.2 - A bytecode verifier for Lua 5.2, Mike Pall

Prev by Date: Re: lua-5.2.0-alpha table module problem
Next by Date: Re: [Bug] converting from hex doesn't work for large numbers
Previous by thread: Re: [Bug] converting from hex doesn't work for large numbers
Next by thread: Re: [ANN] lbcv 0.2 - A bytecode verifier for Lua 5.2
Index(es):
- Date
- Thread