计算机工程 ›› 2012, Vol. 38 ›› Issue (9): 138-140.doi: 10.3969/j.issn.1000-3428.2012.09.041

• 安全技术 • 上一篇    下一篇

基于代码插装的缓冲区溢出漏洞定位技术

史胜利   

  1. (包头师范学院信息科学与技术学院,内蒙古 包头 014030)
  • 收稿日期:2011-09-09 出版日期:2012-05-05 发布日期:2012-05-05
  • 作者简介:史胜利(1977-),男,讲师、硕士,主研方向:信息安全,漏洞检测

Buffer Overflow Vulnerability Location Technology Based on Code Instrumentation

SHI Sheng-li   

  1. (School of Information Science and Technology, Baotou Teacher College, Baotou 014030, China)
  • Received:2011-09-09 Online:2012-05-05 Published:2012-05-05

摘要: 为准确快速地找到缓冲区溢出漏洞点,提出一种通过代码插装对二进制文件中的缓冲区溢出漏洞自动定位的方法。使用PIN提供的函数编写程序分析工具,在程序执行过程中记录所需的信息。当检测到内存访问错误异常时,判别破坏内存的情况,获取内存破坏点,查找到非法写内存的指令定位漏洞。实例分析表明,该方法不需要源程序且效率较高,能成功地定位常见的缓冲区溢出漏洞。

关键词: 漏洞定位, 代码插装, 返回地址, 函数指针, 异常, 缓冲区溢出

Abstract: In order to find buffer overflow vulnerability point accurately and rapidly, this paper proposes a method that can find buffer overflow vulnerabilities in binary file through code instrumentation. It uses plentiful functions PIN providing to make program analysis tool and saves information needed during program execution. When detecting memory access violation exception, it distinguishes what class of memory corruption and obtains memory corruption point and seeks illegal memory writing instruction to locate vulnerability. Example analysis shows that the method does not need source program, and has higher efficiency, it can locate popular buffer overflow vulnerabilities successfully.

Key words: vulnerability location, code instrumentation, return address, function pointer, exception, buffer overflow

中图分类号: