Research Of Vulnerability Discovery And Exploit Based On FUZZ Technique Under Windows Plateform

With the development of information technology,the size and complexity of thesoftware to improve, software is becoming more and more difficult to develop andmaintain. Because of the development of Internet technology quickly and softwarevulnerabilities are found in a large number of attacks and intrusion event, therefore,Safety studies become the focus of information technology development.The safety study of software include vulnerability exploiting and vulnerabilityanalysis. Vulnerability exploiting is use various techniques and tools to find logic flawand potential unknown vulnerabilities of software. There are two ways of vulnerabilitydetection, one is forward engineering, the other is reverse engineering. The forwardengineering is called white box teting, which is based on the knowledge of source code.Through analysis, forward engineering can find vulnerabilities in the source code. Butin most cases, we can not get the source file, we need reverse engineering. Throughdisassembling and trace debugging, we can use it to find the vulnerability in software.Vulnerability analysis is to analyze the known vulnerability and figure out the causesreason, it is aim to offer technical support for exploiting or repairing them. This thesispointed out the traditional vulnerability technique researches and their limitations. Andbased on Fuzz technology and document format parsing, We propose a new techniqueof exploiting vulnerability and design resolutions for engineering accomplishment. Atlast,we get a automation tools by programming. it can substantially improve theefficiency of vulnerability exploiting technique.The design scheme of my thesis, in the first place, our module analysis the templatedocument form and find sensitive data in the document. In the second place, modifydocument data according to designed modifying mode and create test document. Thenit will call the target program for testing Automatically. The program record theexceptional information and the error code in the running process of the target program.At last, we will analyze the exceptional information and find out the cause of thevulnerability,we write a exploit if the vulnerability can be used. My design have greatlyimproved the efficiency and effects of vulnerability exploiting and have demonstratedits practical value. Also we presents some measures to prevent vulnerability in finally.