| Patch-matching is of great significance to the software vulnerability study. The patch and the original program are the objects of the patch-matching study. Through the comparison between the the patch and the original program, it finds the location where the patch repairs, in order to determine the location of the software flaw which provides the important research foundation for vulnerability analysis.After the extensive study on patch-matching algorithm both at home and abroad, this paper proposes a patch-matching method based on executables signature. It presents an innovative executables signature technology, through which the algorithm can be auto-selected and adopted in order to make the comparing algorithm adapt to the characteristics of the executables during the comparing process. At the same time, "signature self-matching" is used in the patch-matching algorithm to deal with the collision of the function signatures.Subsequently, this paper designs the key points of the patch-matching algorithm based on executables signature. Executables signature and executables signature selector are used to choose comparing algorithm by the characteristics of executable files. Function signature is designed to make the functions differentiated. The method of signature self-matching processes the function signatures of an executable before the comparison. They are both used to deal with the collision of the function signatures to improve the performance of the tools.Finally, based on the algorithm proposed in this paper and key points of it above, this paper designes and achieves BinaryPatchMatch software, and makes detailed introduction about each module of the software. In this paper, the performance of BinaryPatchMatch software has been tested and the comparing result is shown. The application method of the software is also introduced, by making an application example of MS 09-057, a Microsoft patch. |
PDF Full Text Request