Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A system and method for vulnerability locating and exploring for binary files

A binary file and binary technology, applied in the direction of instrument, program/content distribution protection, platform integrity maintenance, etc., to facilitate analysts, improve vulnerability information, and speed up vulnerability location

Active Publication Date: 2019-03-12
成都网域复兴科技有限公司
View PDF2 Cites 11 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] In view of the above-mentioned research problems, the purpose of the present invention is to provide a system and method for exploiting vulnerabilities in binary files, to solve the problem that the methods in the prior art cannot efficiently discover and locate vulnerabilities in patched software, and to help improve the Vulnerability information builds a vulnerability library, helps construct POC codes, facilitates analysts and reduces repetitive operations to achieve automation

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A system and method for vulnerability locating and exploring for binary files

Examples

Experimental program
Comparison scheme
Effect test

Embodiment

[0045]Patches for Windows, such as MS04-11 LSASRV.DLL binary samples and corresponding patched files. The specific system implementation is as follows:

[0046] A vulnerability location and discovery system for binary files, including:

[0047] Disassembly module: use one of the linear scan algorithm or recursive descent algorithm to disassemble the input MS04-11 LSASRV.DLL binary sample and the corresponding patched file from binary to assembly language respectively to obtain assembly code;

[0048] Patch comparison module: used for function-level fine-grained structural comparison analysis of assembly codes to obtain function pairs that meet the requirements. The structured comparison analysis uses string similarity comparison algorithms, string reference matching algorithms, and the number of instructions Matching algorithm, hash matching algorithm, call-reference matching algorithm, edge matching algorithm, entry-exit matching algorithm and the result of comprehensive co...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a leak locating and excavating system and a leak locating method aiming at a binary file, belonging to a computer leak detecting technology, comprising a disassembly module, apatch comparison module, an intermediate language translation module, a static stain analysis module and a leak pattern matching and locating module. For binary patch pairs, the disassembly module disassembles them to obtain assembly code; Patch comparison module mainly deals with the disassembled code to obtain the function-level fine-grained matching degree; Intermediate language translation iscarried out for function pairs with reasonable matching ratio. Static stain propagation detection module is responsible for marking untrusted input as stain data, narrowing the matching range; Vulnerability Pattern Matching Location Module, will be the common vulnerability pattern modeling, matching location. The invention can accelerate the vulnerability positioning according to the patch file, facilitate the analysis under the condition of no vulnerability details, construct the vulnerability database, and can semi-automatically excavate the vulnerability.

Description

technical field [0001] The invention discloses a system and method for exploiting vulnerability location of binary files, which is used for detecting binary patch pairs and can automatically locate vulnerabilities; it belongs to the technical field of computer vulnerability detection. Background technique [0002] Binary program reverse analysis and vulnerability mining have always been the primary and key issues in the field of software security research. For the newly fixed vulnerabilities, the specific details will not be announced soon. If we want to conduct in-depth research on this, we often need to use the method of patch comparison to locate the vulnerability points in the program. Patch comparison is a common method to reveal difference information. However, there is currently no system for exploiting and locating vulnerabilities for patch comparison. [0003] In the document "Analysis of Buffer Overflow Process Based on Dynamic Binary Platform", Dong Pengcheng an...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/14G06F21/57
CPCG06F21/14G06F21/577
Inventor 陈香宇
Owner 成都网域复兴科技有限公司
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products