BugScam Readme

This is the preliminary readme file for BugScam.
BugScam is a collection of scripts for the commercial debugger IDA Pro
(http://www.datarescue.com) that will scan a given binary for problematic
uses of certain library functions (e.g. strcpy etc) and generate a nice
output file (HTML so far, LaTeX soon). It's release was inspired by the 
fact that I had libaudit.idc (the "core" engine) lying on my harddisk 
since early 2001, and never thought someone would bother with something 
this simple -- but now in 2003 one can find commercial products
with almost identical functionality on the Web, and as such I decided to
release this as OpenSource.

How to use BugScam:
  1.    Get the archive
  2.    Unpack the archive into /IDADIRECTORY/IDC/BUGSCAM
  3.    Start IDA from /IDADIRECTORY via executing "idag.exe"
  4.    Load an (x86)-binary which you want to analyze
  5.    Run /IDADIRECTORY/IDC/BUGSCAM/run_analysis.idc
  6.    Look at the pretty output generated: 
  /IDADIRECTORY/IDC/BUGSCAM/REPORTS/filename.html
  7.    Use the report & view the reported problems in IDA. Inspect
        manually to remove false positives, use the ObjRec package
        (or something similar) to reconstruct structures & objects
        in order to further decrease false postives
  8.    Goto 5. until you're satisfied with the result
  
I hope this helps getting people started :-)

Cheers,
Halvar