| Heap overflow is to replicate the data beyond given length to the memory blocks of dynamic allocation, lead to over the border and cover the management structure or content between memory blocks. Heap overflow is a form of buffer overflow. An attacker could change the program flow through the use of covered areas and execute their specified orders to achieve the purpose of attack. Heap overflow attack is an important and effective computer network attack. The research of the technology of automatic generation of heap overflow can provide key attack means for Computer Network Operation (CNO).This paper analyzes and studies the technology of heap overflow and the description language of automatic generation of heap overflow codes, mainly includes: First, points out the problems about the technology of heap overflow at present that the research of generation and use of heap overflow mainly focuses on the techniques and methods of attacks under different systems and types of heap overflow, and hasn't universal method of automatic generation. The codes of heap overflow which can be used need write manually by different methods. The research of the description of heap overflow lacks recognized language.Secondly, in view of the problems mentioned above and according to the project needs, the paper abstracts a type of construction rule of heap overflow codes by analyzing control information and the related use or types of attack of heap overflow, thus establishes the automata model of automatic generation of heap overflow codes and gives the formal proof that the generating logic of this automata model is accessibility.Again, based on the above model, designs a description language of automatic generation of heap overflow codes to support automatic description of heap overflow codes. In accordance with the rules of morphology, syntax and semantic of program language, adopts Lex and Yacc development tools etc., and uses VC + + 6.0 to implement automatic generation system of heap overflow codes.Finally, under the condition of given validation targets, environments and test cases, practically certifies the automatic generation system of heap overflow codes. The experiment results show that the codes of heap overflow of this system under Linux are consistent with the project requirements according to the technical route of this paper. |