
Detector for binary-code buffer-zone overflow bugs, and detection method thereof

A binary-code buffer overflow detection technology, classified under instruments, software testing/debugging, multi-programming devices, etc., which addresses problems such as incomplete analysis, the inability to determine whether two memory operands point to the same memory address, and loss of accuracy in static symbolic execution.

Inactive Publication Date: 2010-05-26
BEIJING UNIV OF POSTS & TELECOMM

AI Technical Summary

Problems solved by technology

(1) For example, in a piece of disassembled code the memory operand DWORD PTR [ESP+4] appears in one instruction and the memory operand DWORD PTR [EBP-10] appears in another. Because static symbolic execution does not know the concrete values held by ESP and EBP, it cannot tell whether the two memory operands point to the same memory address, so symbolic execution of assembly code cannot guarantee its accuracy.
[0008] (2) Pointer problem. Instructions of this kind (memory accesses made through a register that holds an address) are the assembly equivalent of pointer operations in C, and handling them in symbolic execution is quite difficult.
[0012] (3) Loop problem. Symbolic execution is not real execution, so it is very difficult to determine how many times a loop iterates. Some technical solutions assume that each loop body executes only once; this does simplify the problem, but it may affect accuracy. On the other hand, if every additional iteration is treated as a new path, the result is path explosion.
[0013] (4) Analysing the program through the assembly code alone is not comprehensive. Although the assembly code expresses the operation performed by each instruction, it does not show the full effect of that operation: some instructions set the corresponding flags when they execute, and those flags may also affect the conditional jump instruction that follows.
However, IntScope can only detect integer overflow vulnerabilities, which is too limited.


Embodiment Construction

[0064] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings.

[0065] The present invention is a binary-code buffer overflow vulnerability detector based on symbolic execution combined with actual execution. It can load any executable program in PE format (EXE files together with the code in the related dynamic-link library DLL files), perform path-coverage testing and overflow-vulnerability detection on it, and thereby detect buffer overflow vulnerabilities in executable programs of all kinds on the Windows platform, reporting information about the cause of each vulnerability at the same time as the vulnerability is found.

[0066] Referring to figure 1, the structural composition of the overflow vulnerability detector of the present invention is introduced; it is provided with six software function modu...


Abstract

The invention provides a detector for buffer overflow vulnerabilities in binary code, and a detection method thereof. The detector comprises six functional modules: a debugger module, an input point positioning module, a disassembling module, a symbolic execution module, a loop operation analysis module and an intelligent FUZZ test module. Differing from static symbolic execution, the detection method dynamically loads the program through the self-developed debugger module so that symbolic execution and single-step actual execution proceed in lockstep, and then applies a model to each of the difficulties of binary code analysis, so as to test path coverage and detect overflow vulnerabilities in any executable program of PE format under the Windows platform. While locating a vulnerability the detector also reports the propagation path of the input data and other information relevant to how the vulnerability arises. It analyses only the executable program itself, needs no source code, is independent of the source language and development tools, and is applicable in a wide range of situations, so the method has good prospects for popularization and application.
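The method described in the abstract (symbolic execution running in lockstep with single-step concrete execution) and the four analysis problems listed under "Problems solved by technology", as an added worked example that is not the patent's own code: a toy concolic executor in Python over a handful of x86-style instructions, run on a constructed copy loop. The instruction names, the ('m32', base, displacement) operand tuples, the memory layout (input at 0x1000, frame at 0x7000), the register values and the sample input are all assumptions made for this illustration.

```python
"""Toy concolic executor for a few x86-style instructions (constructed example, not the patent's code).
Every instruction runs concretely, single step, while a taint set (input byte offsets) rides along."""
from dataclasses import dataclass, field

MASK32 = 0xFFFFFFFF

@dataclass
class State:
    regs: dict                                       # register -> concrete value (AL modelled on its own)
    mem: dict = field(default_factory=dict)          # address -> concrete byte
    taint: dict = field(default_factory=dict)        # register or address -> set of input offsets
    flags: dict = field(default_factory=lambda: {"ZF": 0, "CF": 0})
    last_cmp: set = field(default_factory=set)       # taint of the latest CMP operands
    constraints: list = field(default_factory=list)  # (target, taken, controlling input offsets)
    findings: list = field(default_factory=list)     # stores that hit a protected frame cell

def resolve(regs, op):  # ('m32' | 'm8', base register or None, displacement) -> concrete address
    _, base, disp = op
    return ((regs[base] if base else 0) + disp) & MASK32

def aliases(regs, op_a, op_b):  # with concrete registers, aliasing is decided exactly
    return resolve(regs, op_a) == resolve(regs, op_b)

def read(st, op):  # (concrete value, taint set) of an immediate, register or memory operand
    if isinstance(op, int):
        return op, set()
    if isinstance(op, str):
        return st.regs[op], set(st.taint.get(op, set()))
    addr, size = resolve(st.regs, op), (4 if op[0] == "m32" else 1)
    val = int.from_bytes(bytes(st.mem.get(addr + i, 0) for i in range(size)), "little")
    return val, set().union(*(st.taint.get(addr + i, set()) for i in range(size)))

def write(st, op, val, t, frame):  # store value and taint; report bytes landing in a frame cell
    if isinstance(op, str):
        st.regs[op] = val & (0xFF if op == "AL" else MASK32)
        st.taint[op] = set(t)
        return
    addr, size = resolve(st.regs, op), (4 if op[0] == "m32" else 1)
    for i in range(size):
        st.mem[addr + i] = (val >> (8 * i)) & 0xFF
        st.taint[addr + i] = set(t)
        for cell, (lo, hi) in frame.items():
            if lo <= addr + i < hi:
                st.findings.append({"cell": cell, "addr": addr + i, "controlled_by": sorted(st.last_cmp)})

def run(program, st, frame, max_steps=10_000):  # single-step to the end; return (state, loop iterations)
    labels = {ins[1]: i for i, ins in enumerate(program) if ins[0] == "label"}
    pc = steps = iterations = 0
    while pc < len(program) and steps < max_steps:
        ins, pc, steps = program[pc], pc + 1, steps + 1
        op = ins[0]
        if op == "mov":
            write(st, ins[1], *read(st, ins[2]), frame)
        elif op == "lea":                                 # address arithmetic only, no memory access
            base = ins[2][1]
            write(st, ins[1], resolve(st.regs, ins[2]), st.taint.get(base, set()) if base else set(), frame)
        elif op in ("inc", "dec"):
            v, t = read(st, ins[1])
            write(st, ins[1], v + (1 if op == "inc" else -1), t, frame)
        elif op == "cmp":                                 # unsigned compare: sets ZF and CF
            (a, ta), (b, tb) = read(st, ins[1]), read(st, ins[2])
            st.flags = {"ZF": int(a == b), "CF": int(a < b)}
            st.last_cmp = ta | tb
        elif op in ("jmp", "jbe"):                        # JBE is taken when CF or ZF is set
            taken = op == "jmp" or bool(st.flags["CF"] or st.flags["ZF"])
            if op == "jbe":                               # path constraint with the input bytes behind it
                st.constraints.append((ins[1], taken, sorted(st.last_cmp)))
            if taken:
                iterations += int(labels[ins[1]] < pc)    # a taken backward jump is one more iteration
                pc = labels[ins[1]]
    return st, iterations

# Constructed copy loop: the byte count is read straight from the input and is never
# checked against the 16-byte stack buffer [EBP-0x10, EBP).
COPY_LOOP = [
    ("mov", "ECX", ("m32", None, 0x1000)),   # ECX = length field taken from the input
    ("mov", "ESI", 0x1004),                  # ESI = input payload
    ("lea", "EDI", ("m32", "EBP", -0x10)),   # EDI = 16-byte stack buffer
    ("label", "loop"), ("cmp", "ECX", 0), ("jbe", "done"),   # exit once ECX reaches 0
    ("mov", "AL", ("m8", "ESI", 0)),         # register-indirect load: a C pointer dereference
    ("mov", ("m8", "EDI", 0), "AL"),         # register-indirect store
    ("inc", "ESI"), ("inc", "EDI"), ("dec", "ECX"), ("jmp", "loop"),
    ("label", "done"),
]

def analyse(payload):  # constructed input: 4-byte little-endian length followed by the payload
    data = len(payload).to_bytes(4, "little") + payload
    st = State(regs={"AL": 0, "ECX": 0, "ESI": 0, "EDI": 0, "EBP": 0x7000, "ESP": 0x6FF0})
    for i, b in enumerate(data):                   # every input byte is symbolic: offset i
        st.mem[0x1000 + i], st.taint[0x1000 + i] = b, {i}
    frame = {"saved EBP": (0x7000, 0x7004), "return address": (0x7004, 0x7008)}
    return run(COPY_LOOP, st, frame)
```

Running analyse(b"A" * 24) reports eight out-of-buffer byte stores, four on the saved EBP and four on the return address, each tagged with input offsets 0 to 3, i.e. the length field that drives the loop; analyse(b"A" * 8) reports nothing and stops after eight iterations. The real detector works on live PE binaries under its debugger module; the model here keeps only what the abstract describes: concrete state to resolve memory operands and flags, and taint to say which input bytes reach the vulnerable store.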

Description

Technical field

[0001] The present invention relates to a technique for mining buffer overflow vulnerabilities in binary code; more precisely, to a detector and detection method for buffer overflow vulnerabilities in binary code based on symbolic execution combined with actual execution, belonging to information security within the field of software security technology.

Background technique

[0002] Buffer overflow vulnerability detection technology is usually divided into two types according to the object analysed: source code security vulnerability audit, which works on source code, and reverse security vulnerability analysis, which works on binary code. Among the latter, techniques for mining or detecting buffer overflow vulnerabilities in executable programs from their binary code are divided into static analysis methods and dynamic testing methods.

[0003] The static analysis method uses reverse-engineering tools such as IDA Pro to disassemble the binary code into assembly code, obtain the control fl...


Application Information

IPC(8): G06F11/36, G06F21/22, G06F9/46, G06F21/56
Inventors: 崔宝江, 国鹏飞, 曾虎城
Owner BEIJING UNIV OF POSTS & TELECOMM