Method for vulnerability detection in Windows operating environment based on instrumentation tool

An operating environment and vulnerability detection technology, applied in the computer field, can solve the problems of deep hidden malicious code, single, limited sample processing, etc.

Inactive Publication Date: 2015-12-23
UNIV OF ELECTRONICS SCI & TECH OF CHINA
View PDF3 Cites 14 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] The three types of vulnerabilities, buffer overflow, local privilege escalation, and ROP, are very common and dangerous vulnerabilities that exist widely in various operating systems and application software. However, the current research only analyzes and deals with one type of vulnerability, which is relatively single
At the same time, in order to protect the information security of users on the Internet, national security departments and enterprises will capture a large number of file samples at any ...

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0014] The specific implementation of the vulnerability detection based on the instrumentation tool described in the present invention is:

[0015] a) Create the target process in a suspended mode;

[0016] b) attach to the target process in debug mode;

[0017] c) Resume the operation of the target process until the memory management dynamic link library is loaded into the process space and complete the initialization and suspend again;

[0018] d) Separate the memory management dynamic link library from the process space;

[0019] e) Copy the stub-inserting startup routine to the target process space and point the process counter to the routine;

[0020] f) resume the operation of the target process;

[0021] g) Load instrumentation tool module enumeration (Pinvm.dll);

[0022] h) Loading the vulnerability trigger judgment module;

[0023] i) Instrument the target process, execute process instructions, and generate a vulnerability detection report.

[0024] The above s...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a method for vulnerability detection in a Windows operating environment based on an instrumentation tool. The method comprises the steps that when it is detected that a target process executes a function call instruction, a next instruction address and a function return address are saved; if the instruction corresponding to the skip destination address of the target progress is not a start instruction of a function, ROP vulnerability existing is determined; when it is detected that the target process executes the function return address, whether the return address in a current thread stack is stored or not is detected, and if the return address is stored, a buffer overflow vulnerability is determined; whether the address of a function return instruction is same as the stored return address or not is judged, the address of the function return instruction is saved if the address of the function return instruction is not same as the stored return address, and it is judged that a ROP vulnerability exists in the target progress when it is detected that the address is executed for multiple times; a preset debugged progress is opened based on a function call interface, then whether the preset debugged progress can open the target process or not is judged, and if the preset debugged progress cannot open the target process, a local privilege escalation vulnerability exists. By means of the method, multiple samples can be automatically identified and detected concurrently.

Description

technical field [0001] The invention belongs to the field of computers, and in particular relates to a vulnerability detection based on an instrumentation tool in a Windows operating environment. Background technique [0002] Software vulnerabilities are an important reason for the rampant attacks of worms and Trojan horses. In recent years, major security incidents have occurred frequently. For example, in January 2010, Google was affected by Microsoft’s Aurora vulnerability and was attacked by hackers, resulting in system failure; in December 2011, CSDN, the world’s largest Chinese IT community, was delisted, resulting in 6 million registered users personal information was leaked. Vulnerability data collected by ChinaNationalVulnerabilityDatabase from 2004 to 2014 show that the number of vulnerabilities decreased only between 2006 and 2008. Since 2008, the number of vulnerabilities has rebounded. There are more and more websites, and the degree of harm is also increasing...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): G06F21/57
CPCG06F21/577G06F2221/033
Inventor 张小松向琦牛伟纳鲍凯唐海洋曹思宇岳豪
Owner UNIV OF ELECTRONICS SCI & TECH OF CHINA
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap