
Computer Engineering ›› 2008, Vol. 34 ›› Issue (22): 187-188. doi: 10.3969/j.issn.1000-3428.2008.22.065

• Security Technology •

Dynamic Detection of Buffer-overflow Vulnerabilities in Binary Environment

XIA Chao, QIU Wei-dong   

  1. (Cryptography and Information Security Lab, Shanghai Jiaotong University, Shanghai 200240)
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2008-11-20 Published: 2008-11-20

Dynamic Detection of Buffer-overflow Vulnerabilities in a Binary Environment

夏超 (XIA Chao), 邱卫东 (QIU Wei-dong)

  1. (Cryptography and Information Security Lab, Shanghai Jiaotong University, Shanghai 200240)

Abstract: This paper proposes a method for detecting buffer-overflow vulnerabilities in executables. By combining dynamic and static analysis, it carries the detection of buffer-overflow vulnerabilities further than either technique alone. The static part analyses the internal semantic relationships between assembly instructions and the properties of each function's stack frame in the executable. The dynamic part emulates the program in a virtual run-time environment, so that the static properties are combined with the program's behaviour while it is virtually executed; this yields the function's semantics for buffer manipulation (how its buffer variables are read and written), from which it is determined whether a buffer-overflow vulnerability exists.
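To make the static-plus-dynamic idea concrete, the following is an added example written for this page; it is not code from the paper or from the authors. It assumes a 32-bit x86 frame (saved ebp at ebp+0, return address at ebp+4), a stack-frame layout that a static pass has already recovered (hand-constructed here as `FRAME_BUFFERS`), and a write trace that an emulator would have produced for one run (hand-constructed as `EXAMPLE_TRACE`). The check combines the two: each observed write is matched to the static buffer it lands in, and the write's end is compared with the buffer's end.

```python
"""Toy static + dynamic buffer-overflow check (added example, not the paper's code).

Static side:  a list of local buffers with their frame offsets and sizes.
Dynamic side: memory writes observed while emulating the function.
The check flags writes whose end lies past the end of the buffer they start in.
"""
from dataclasses import dataclass

RETURN_ADDRESS_OFFSET = 4  # assumed 32-bit frame: saved ebp at ebp+0, return address at ebp+4


@dataclass(frozen=True)
class StackBuffer:
    """Static property: a local buffer occupying [ebp-offset, ebp-offset+size)."""
    name: str
    offset: int
    size: int


@dataclass(frozen=True)
class MemWrite:
    """Dynamic property: one write seen during emulation.
    dest is relative to ebp (negative = inside the frame); length is in bytes."""
    dest: int
    length: int
    site: str


@dataclass(frozen=True)
class Finding:
    buffer: str
    site: str
    write_len: int
    overflow_by: int
    reaches_return_address: bool


# Constructed frame: a single `char buf[16]` at ebp-16.
FRAME_BUFFERS = [StackBuffer("buf", offset=16, size=16)]

# Constructed trace: (operation, destination relative to ebp, argument, call site).
# Call-site addresses are placeholders, not values from the paper.
EXAMPLE_TRACE = [
    ("strcpy", -16, b"hello", "strcpy@<site-1>"),
    ("strcpy", -16, b"A" * 19, "strcpy@<site-2>"),
    ("memcpy", -16, 31, "memcpy@<site-3>"),
]


def find_buffer(buffers, addr):
    """Map a write destination back to the static buffer it starts in, if any."""
    for b in buffers:
        start = -b.offset
        if start <= addr < start + b.size:
            return b
    return None


def write_length(op, arg):
    """Derive the byte count of a write from the emulated call's semantics."""
    if op == "strcpy":
        return len(arg) + 1          # copies the source plus its NUL terminator
    if op in ("memcpy", "memset"):
        return int(arg)              # explicit length argument
    raise ValueError(f"unknown operation {op!r}")


def check_writes(buffers, writes):
    """Combine static layout with dynamic writes; return one Finding per overflowing write."""
    findings = []
    for w in writes:
        b = find_buffer(buffers, w.dest)
        if b is None:
            continue                 # write does not start in a tracked buffer
        buf_end = -b.offset + b.size
        write_end = w.dest + w.length
        if write_end <= buf_end:
            continue                 # stays inside the buffer
        findings.append(Finding(
            buffer=b.name,
            site=w.site,
            write_len=w.length,
            overflow_by=write_end - buf_end,
            reaches_return_address=write_end > RETURN_ADDRESS_OFFSET,
        ))
    return findings


def run_trace(buffers, trace):
    """Turn an emulated call trace into MemWrite events and check them."""
    writes = [MemWrite(dest, write_length(op, arg), site) for op, dest, arg, site in trace]
    return check_writes(buffers, writes)


if __name__ == "__main__":
    for f in run_trace(FRAME_BUFFERS, EXAMPLE_TRACE):
        print(f)
```

On the constructed trace the first call stays inside `buf`, the second overruns it by 4 bytes (enough to reach the saved frame pointer but not the return address), and the third overruns it by 15 bytes and reaches the return-address slot; a real implementation would obtain `FRAME_BUFFERS` from the disassembly and the trace from an emulator rather than from literals.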

Key words: dynamic detection, virtual run-time environment, semantics

Abstract (translated): This paper proposes a method for discovering buffer-overflow vulnerabilities in a binary environment. Dynamic and static discovery techniques are combined to search programs in a binary environment more thoroughly for vulnerabilities. The static method analyses the characteristics of function stack frames in the binary program and the intrinsic semantic relationships between assembly statements; the dynamic emulation method provides a virtual run-time environment for the program and its functions, so that during execution the program, combined with certain static properties, yields the memory read/write semantics of the function's buffer variables, from which it is finally determined whether the program contains a buffer overflow.

Key words (translated): dynamic detection, virtual run-time environment, semantics
