Binary program vulnerability automatic exploitation method for constructing state transition graph

CN122286784A · Pending · Publication Date: 2026-06-26 · BEIJING INST OF TECH

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Application (China)
Current Assignee / Owner
BEIJING INST OF TECH
Filing Date
2026-05-08
Publication Date
2026-06-26

AI Technical Summary

Technical Problem

Existing automated exploit generation (AEG) techniques lack program state management and multi-step exploit path search when they face a combination of several protection mechanisms; as a result they are inefficient and have a low success rate at bypassing modern protections such as NX, PIE, and stack canaries.

Method used

The exploitation steps are managed systematically by constructing a state graph. Combined with symbolic execution and constraint solving, payloads are generated that bypass complex protection mechanisms automatically.

Benefits of technology

It significantly improves the success rate of vulnerability exploitation when several protection mechanisms are combined, and efficiently generates highly adaptable exploitation payloads, suitable for CTF scenarios and real-world software vulnerability assessment.

✦ Generated by Eureka AI based on patent content.

Figure CN122286784A_ABST

Abstract

This invention relates to an automated vulnerability exploitation method based on constructing a state transition graph, and belongs to the field of software security technology. First, the binary program is disassembled to extract information such as the types of protection mechanisms present and the high-risk functions it calls; this information forms the state of the starting node of the state transition graph. Then, based on the node's state information, exploitation methods are selected from a vulnerability exploitation library and attempted against the protection mechanisms. Each method that succeeds in bypassing a protection mechanism becomes an edge in the graph, and a new node is created for the resulting state. This process is repeated, creating nodes until all protection mechanisms have been bypassed. Based on the state information of the latest node, an exploitation method that obtains a shell is then selected and a termination node is created. Finally, the state transition graph is traversed with depth-first search (DFS), and symbolic execution and constraint solving are used to generate the payloads. The invention addresses the problem that existing methods rely on fixed exploitation methods to generate payloads and therefore cope poorly with complex protection mechanisms; by constructing a state transition graph and bypassing multiple protection mechanisms step by step, the success rate of automated vulnerability exploitation is improved.
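The graph construction and DFS traversal described in the abstract (and in the method summary above), as an added example that is not the patent's own code or any real AEG tool: a node is a pair (protections still active, capabilities obtained so far), a library entry whose preconditions hold and which changes the state becomes an edge to a new node, a shell-yielding entry is allowed only once every protection is gone and creates the termination node, and DFS then enumerates every method chain from the start node to the termination node. The exploit library, its technique labels (leak_canary, rop_chain, and so on), their preconditions and the start state are constructed placeholders chosen to show the ordering constraints the graph has to respect; payload generation by symbolic execution and constraint solving is not modelled here.

```python
"""Toy state-transition-graph search for multi-step exploit planning.

Added example, not the patent's code. Library entries, their
preconditions and the start state are constructed placeholders.
"""
from dataclasses import dataclass
from typing import Dict, FrozenSet, List, Optional, Tuple


@dataclass(frozen=True)
class State:
    """Graph node: protections still active, plus primitives/knowledge obtained."""
    protections: FrozenSet[str]
    capabilities: FrozenSet[str]


@dataclass(frozen=True)
class Method:
    """Entry of the (hypothetical) exploit library; a usable entry becomes an edge."""
    name: str
    needs: FrozenSet[str]                     # capabilities required before use
    blocked_by: FrozenSet[str] = frozenset()  # protections that must already be bypassed
    bypasses: FrozenSet[str] = frozenset()    # protections this step defeats
    gives: FrozenSet[str] = frozenset()       # capabilities this step adds
    terminal: bool = False                    # True if the step yields a shell


def fs(*items: str) -> FrozenSet[str]:
    return frozenset(items)


# Constructed library: generic technique labels, not steps taken from the patent.
LIBRARY: List[Method] = [
    Method("leak_canary", needs=fs("info_leak", "stack_overflow"),
           bypasses=fs("Canary"), gives=fs("canary_value")),
    Method("leak_code_ptr", needs=fs("info_leak"),
           bypasses=fs("PIE"), gives=fs("code_base")),
    Method("leak_libc_ptr", needs=fs("info_leak"), gives=fs("libc_base")),
    # a stack pivot into libc gadgets only works once the canary is handled
    Method("rop_chain", needs=fs("stack_overflow", "libc_base"),
           blocked_by=fs("Canary"), bypasses=fs("NX"), gives=fs("rop")),
    Method("ret2libc_system", needs=fs("rop", "libc_base"), terminal=True),
    # never applicable for the constructed start state (no format-string primitive)
    Method("fmt_leak", needs=fs("format_string"),
           bypasses=fs("Canary", "PIE"), gives=fs("canary_value", "code_base")),
]


def step(state: State, m: Method) -> Optional[State]:
    """Return the successor node if m is applicable and changes the state, else None."""
    if not m.needs <= state.capabilities:
        return None
    if m.blocked_by & state.protections:
        return None
    if m.terminal:
        if state.protections:                 # shell stage only after every protection is gone
            return None
        nxt = State(frozenset(), state.capabilities | fs("shell"))
    else:
        nxt = State(state.protections - m.bypasses, state.capabilities | m.gives)
    return None if nxt == state else nxt      # drop edges that make no progress


Graph = Dict[State, List[Tuple[Method, State]]]


def build_graph(start: State, library: List[Method]) -> Graph:
    """Expand nodes from a worklist until no applicable method yields a new state."""
    graph: Graph = {}
    worklist = [start]
    while worklist:
        s = worklist.pop()
        if s in graph:
            continue
        graph[s] = []
        for m in library:
            nxt = step(s, m)
            if nxt is not None:
                graph[s].append((m, nxt))
                worklist.append(nxt)
    return graph


def dfs_chains(graph: Graph, start: State) -> List[List[str]]:
    """DFS from start, collecting every method sequence that reaches a shell node.

    The graph is acyclic because every edge strictly shrinks the protection set
    or grows the capability set, so no visited-set is needed.
    """
    chains: List[List[str]] = []

    def visit(s: State, path: List[str]) -> None:
        if "shell" in s.capabilities:
            chains.append(path)
            return
        for m, nxt in graph.get(s, []):
            visit(nxt, path + [m.name])

    visit(start, [])
    return chains


def plan(protections, capabilities, library: List[Method] = LIBRARY) -> Tuple[Graph, List[List[str]]]:
    """Build the state transition graph from a start node and enumerate exploit chains."""
    start = State(frozenset(protections), frozenset(capabilities))
    graph = build_graph(start, library)
    return graph, dfs_chains(graph, start)


if __name__ == "__main__":
    # Constructed start node: checksec-style protections plus primitives found by disassembly.
    g, chains = plan({"NX", "PIE", "Canary"}, {"stack_overflow", "info_leak"})
    print(f"{len(g)} nodes, {sum(len(e) for e in g.values())} edges, {len(chains)} chains")
    for c in chains:
        print(" -> ".join(c))
```

With the constructed start state the search finds eight chains, all five steps long and all placing rop_chain after both leak_canary and leak_libc_ptr, which is exactly the kind of ordering constraint a fixed single-method generator cannot express; the fmt_leak entry is filtered out because its precondition never holds. Removing info_leak from the start capabilities yields no chain at all, so the planner reports infeasibility instead of emitting a payload that cannot work.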