CrashWrangler Monitor (OS X)
The CrashWrangler monitor will launch a process and monitor it for interesting crashes. This monitor uses the Crash Wrangler tool from Apple which can be downloaded from the developer website. The tool must be compiled on each machine it is used on in order to work correctly.
This is the prefered method of catching faults on OS X.
Parameters
-
Command — Command to execute
-
Arguments — Command line arguments (optional, default none)
-
StartOnCall — Start command on state model call (optional, default none)
-
UseDebugMalloc — Use OS X Debug Malloc (slower) (optional, default false)
-
ExecHandler — Crash Wrangler execution handler program (optional, default exc_handler)
-
ExploitableReads — Are read a/v’s considered exploitable? (optional, defaults to false)
-
NoCpuKill — Disable process killing by CPU usage (optional, default false)
-
CwLogFile — CrashWrangler Log file (optional, defaults to cw.log)
-
CwLockFile — CrashWrangler Lock file (optional, defaults to cw.lock)
-
CwPidFile — CrashWrangler PID file (optional, defaults to cw.pid)
Examples
<Agent name="Local"> <Monitor class="CrashWrangler"> <Param name="Command" value="/Applications/Safari.app/Contents/MacOS/Safari" /> <Param name="Arguments" value="fuzzed.bin" /> <Param name="UseDebugMalloc" value="false" /> <Param name="ExploitableReads" value="true" /> <Param name="ExecHandler" value="./exc_handler" /> <Param name="StartOnCall" value="ScoobySnacks" /> </Monitor> </Agent>