
A Dynamic Discovery Method of Memory Variable Distribution

A discovery method for memory variable distribution, applied in the field of platform integrity maintenance and related areas, that addresses the problems of low coverage, low degree of automation and complex analysis methods, and achieves a high degree of automation.

Active Publication Date: 2018-11-06
INST OF INFORMATION ENG CHINESE ACAD OF SCI

AI Technical Summary

Problems solved by technology

These methods have some disadvantages: 1) they use random input to generate program paths, so coverage is not high.
[0005] The above methods suffer from a low degree of automation and complex analysis. The present invention mainly analyzes the instruction execution process and proposes a dynamic discovery method for memory variable distribution, in order to dynamically infer the memory related to a given instruction in the absence of source code.

Embodiment Construction

[0015] First, we analyze an example to illustrate the memory variable distribution identification.

[0016] Example 1: We analyze the following binary code.

[0017]

[0018] The analysis shows that the program exits when sizein is greater than 0x100, but when sizein is equal to 0x100, b[0x100] in the loop receives user input. Figure 2 shows how the code of Example 1 is laid out in runtime memory under Microsoft Visual Studio 2005. The actual space of b runs from b[0] to b[0x99], so at this point the buffer overflows. If the adjacent memory holds an important field, for example size, then line 13 of Example 1, which allocates memory again according to size, can be made to allocate a buffer of any size, and a malicious user can implant code, which poses a serious security threat to users.
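The boundary error described in [0018], shown beside a corrected check. This is an added example, not the patent's Example 1 listing, which is absent from this page. The struct layout, the function names and the assumed capacity of 0x100 bytes for b are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN 0x100u          /* assumed capacity of b: valid indices 0..0xff */

/* Constructed stand-in for the runtime layout: size sits directly after b. */
struct frame {
    unsigned char b[BUF_LEN];
    uint32_t size;              /* adjacent field later used as an allocation length */
};

/* Check as the text describes it: only sizein > 0x100 is rejected and the loop
 * includes index sizein. Writes go through a byte view of the whole frame, so
 * the out-of-bounds store is well defined here and can be observed. */
int fill_vulnerable(struct frame *f, const unsigned char *in, size_t sizein)
{
    unsigned char *mem = (unsigned char *)f;
    if (sizein > 0x100) return -1;           /* program exits */
    for (size_t i = 0; i <= sizein; i++)     /* i == 0x100 lands on f->size */
        mem[i] = in[i];
    return 0;
}

/* Hardened form: every written index must be strictly below the capacity. */
int fill_checked(struct frame *f, const unsigned char *in, size_t sizein)
{
    if (sizein >= sizeof f->b) return -1;
    memcpy(f->b, in, sizein + 1);
    return 0;
}

/* Runs one variant on a fresh frame and returns size afterwards, i.e. the
 * length a later allocation would use. UINT32_MAX means input was rejected. */
uint32_t size_after(int (*fill)(struct frame *, const unsigned char *, size_t),
                    size_t sizein)
{
    unsigned char in[BUF_LEN + 1];
    struct frame f;
    memset(in, 0xFF, sizeof in);             /* constructed user input */
    memset(&f, 0, sizeof f);
    f.size = 0x10;                           /* intended allocation length */
    if (fill(&f, in, sizein) != 0) return UINT32_MAX;
    return f.size;
}

int main(void)
{
    printf("vulnerable: size=0x%x\n", (unsigned)size_after(fill_vulnerable, 0x100));
    printf("checked:    size=0x%x\n", (unsigned)size_after(fill_checked, 0x100));
    return 0;
}
```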

[0019] Therefore, if figure 1 A method for dynamically discovering memory distribution for vulnerability detection is s...


Abstract

The invention discloses a dynamic discovery method for the distribution of memory variables. The method comprises the following steps: 1) selecting a target statement from the target software based on a set instruction characteristic; 2) generating input data that enables the target software to reach the target statement; and 3) obtaining the memory variable distribution for the target statement while the target software executes the input data. The method achieves dynamic inference of the memory related to an instruction in the absence of source code, without analyzing all instructions.

Description

Technical field

[0001] The invention mainly relates to a variable analysis method for software (executable files), and more precisely to a method for dynamically inferring memory variable distribution in the absence of source code in software analysis.

Background technique

[0002] Memory variable analysis is an important part of software analysis, especially vulnerability analysis and malicious code analysis. When the source code exists, the variables in the source code can be analyzed directly to obtain the memory variable distribution. But for binary executable files lacking source code, it is extremely difficult to obtain the distribution of memory variables.

[0003] Data structure reverse engineering is similar to memory distribution discovery. DIVINE recovers variable entities by using value set analysis and pointer analysis algorithms, and can identify 88% of variables in the stack and 89% of variables in the heap. But our approach is more lightweight. ...

Application Information

Patent Type & Authority: Patents (China)
IPC(8): G06F21/56, G06F21/57
Inventor: 陈恺, 马彬, 张颖君
Owner: INST OF INFORMATION ENG CHINESE ACAD OF SCI