Computer Engineering ›› 2008, Vol. 34 ›› Issue (12): 120-122. doi: 10.3969/j.issn.1000-3428.2008.12.042

• Security Technology •

Buffer Overflow Detection Model Based on Executable Code

ZHAO Qi-yong, ZHENG Yan-fei, ZHENG Dong   

  1. (Lab of Cryptography & Information Security, Shanghai Jiaotong University, Shanghai 200240)
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2008-06-20 Published: 2008-06-20

Abstract: Based on the principles of buffer overflow, a buffer overflow detection model that operates on executable code is proposed. Its theoretical foundation is introduced and the procedure for building the model is described. In addition, new methods for recognizing buffer references are proposed. The model disassembles executable code into assembly code, builds the function call graph and the control flow graph, and constructs a table of buffer variables and a table of buffer references. Starting from each buffer reference, it collects path constraints backward along the control flow and judges whether a buffer overflow is possible by solving those constraints.

Key words: executable code, buffer overflow, buffer overflow detection, constraint solving
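
The final step of the abstract, collecting path constraints backward from a buffer reference and solving them, is illustrated below. This is an added example, not code from the paper: the toy control flow graph, the node names, the single index variable `i` and the interval-based solving are all assumptions made for illustration.

```python
import math

# Constructed toy CFG (assumption, not from the paper). Each edge is
# (predecessor, successor, constraint), where the constraint is an inclusive
# bound (lo, hi) that the branch places on index variable i, or None.
EDGES = [
    ("entry", "check", None),
    ("check", "copy", (0, 15)),        # guarded path: 0 <= i <= 15
    ("entry", "copy", (0, math.inf)),  # second path: only i >= 0 is checked
]

def backward_paths(edges, ref_node, entry):
    """Walk from the buffer reference back to the entry node, intersecting
    the interval constraints met on each path (against the control flow)."""
    preds = {}
    for pred, succ, cons in edges:
        preds.setdefault(succ, []).append((pred, cons))
    stack = [(ref_node, [ref_node], (-math.inf, math.inf))]
    while stack:
        node, path, (lo, hi) = stack.pop()
        if node == entry:
            yield path[::-1], (lo, hi)
            continue
        for pred, cons in preds.get(node, []):
            if pred in path:       # toy model: loops are not unrolled
                continue
            nlo, nhi = lo, hi
            if cons is not None:
                nlo, nhi = max(lo, cons[0]), min(hi, cons[1])
            if nlo <= nhi:         # drop paths whose constraints conflict
                stack.append((pred, path + [pred], (nlo, nhi)))

def check_reference(edges, ref_node, entry, buf_size):
    """Return the paths on which buf[i] can fall outside [0, buf_size - 1]."""
    findings = []
    for path, (lo, hi) in backward_paths(edges, ref_node, entry):
        if lo < 0 or hi >= buf_size:
            findings.append((path, (lo, hi)))
    return findings

if __name__ == "__main__":
    # Buffer reference buf[i] at node "copy"; size 16 would come from the
    # buffer variables table in the model the abstract describes.
    for path, bounds in check_reference(EDGES, "copy", "entry", 16):
        print("possible overflow on path", " -> ".join(path), "with i in", bounds)
```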