摘要： 随着Internet 应用的广泛深入，计算机系统的安全问题日益引起人们的重视，其中，缓冲区溢出漏洞攻击的数量呈逐年上升之势。该文从缓冲区溢出的原理开始，描述了一种利用静态分析和动态分析相结合的基于二进制代码的缓冲区溢出分析检测技术及工具，比较和分析了该工具检测二进制代码的结果与传统工具检测对应源程序的结果，并提出了存在的不足和改进之处。

关键词: 缓冲区, 缓冲区溢出, 静态分析, 动态分析

Abstract: With Internet goes further, people pay more and more attention to computer security problems. And among them, the number of buffer overflow attacks is growing by year. This article begins with the theory of buffer overflow attacks, describes a method and a tool using static analysis and dynamic analysis to detect buffer overflow in binary files, compares and analyses the result of running this tool and traditional buffer overflow detect tool and indicates the defects of the tool and how to improve it.

Key words: Buffer, Buffer overflow, Static analysis, Dynamic analysis