关键词: Crash分析, 漏洞检测, 二进制插桩, 动态污点分析

Abstract:

Crash analysis is a critical stage in exploitation and utilization of vulnerabilities. It’s prerequisite for Crash analysis and exploitation to determine what types of vulnerabilities are caused by crashes. In view of the problem that the existing vulnerability detection platform cannot effectively identify the Crash type, binary executable vulnerability detection and Crash type determination method is designed. The method performs taint marking on the Crash of the binary executable program, and takes care of taint removal and indirect pollution in the taint propagation stage. The purpose is to collect Crash point context information during the taint check phase to match multiple vulnerability triggering rules. Based on the above method, a tool for detecting vulnerability in a binary program and determining the type of Crash is developed. The experimental results show that the method is suitable for overwrite return address, function pointer and other modes caused by vulnerabilities such as stack overflow, format string and heap overflow.

Key words: Crash analysis, vulnerability detection, binary instrumentation, dynamic taint analysis