Research On Vulnerabilities Discovery Method Based On Improved In-memory Fuzzing

Posted on: 2016-05-30
Degree: Master
Type: Thesis
Country: China
Candidate: C K Zhou
GTID: 2348330479454375
Subject: Software engineering
Abstract/Summary:
With the growing popularity of computers, buffer overflows, integer overflows, format string vulnerabilities and other vulnerabilities threaten the safety of users. Traditional vulnerability discovery technology is mature, but it runs into difficulties when the program under test uses encryption or other security mechanisms. To address this problem, this paper presents a vulnerability discovery method based on improved in-memory fuzzing. The method builds on the original in-memory fuzzing technique and improves the way the functions to be tested are selected, so that it achieves a higher degree of automation and can effectively discover vulnerabilities in the program. Functions are selected automatically by combining static feature analysis with dynamic analysis. In the static analysis phase, the program's assembly instruction sequence is divided into functions at control-flow transfer instructions, and the resulting functions are preliminarily screened according to features of high-risk functions. In the dynamic analysis phase, taint analysis is used: external data is injected into the preliminarily screened functions and tracked, the functions that process this external data are identified, and the hazardous functions are finally selected. The selected hazardous functions are then tested with a method called Snapshot Restore Mutation. A snapshot point and a restore point are set from the recorded start and end addresses of each function, and the target program is then executed. When execution reaches the function's snapshot point, the current snapshot of the program is saved; when execution reaches the function's restore point, the program is restored, a test case is injected into the function under test, and the run of the program is monitored. Using this method, we designed and implemented a prototype and tested a server program that uses encrypted data.
The prototype successfully discovered the vulnerability in the program, which verifies the correctness, effectiveness and feasibility of our method. The method can also be applied to vulnerability discovery in general programs, which means that it is a universal method.
Keywords/Search Tags:Vulnerabilities Discovery, In-Memory Fuzzing, Automated Function Selection Method
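
The snapshot, restore and mutate loop described in the abstract, as an added C example that is not code from the thesis: fork() stands in for the snapshot and restore mechanism, and the target function `handle_record`, its missing-separator bug, the seed and the single-byte mutation are all constructed for illustration. Test cases are injected at the function entry, after the point where a server would have decrypted the request, so they never need to be encrypted.

```c
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed target: the function a server would call on a request it has
 * already decrypted. Bug: the '=' separator is assumed to be present. */
static int records_seen;                 /* process state changed by each call */
static void handle_record(char *rec, size_t n) {
    records_seen++;
    char *sep = memchr(rec, '=', n);
    *sep = '\0';                         /* NULL write when '=' is missing */
}

/* Run one case in a copy of the process taken at the function entry: fork()
 * is the snapshot, child exit the restore. Returns the fatal signal or 0. */
static int run_case(const char *seed, size_t n, int pos) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char buf[64];
        if (n > sizeof buf) n = sizeof buf;
        memcpy(buf, seed, n);            /* inject plaintext at the function */
        if (pos >= 0 && (size_t)pos < n) buf[pos] = (char)0xFF;  /* mutate */
        handle_record(buf, n);
        _exit(0);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return -1;
    return WIFSIGNALED(status) ? WTERMSIG(status) : 0;
}

/* One case per seed byte; returns crash count, *first = first crashing offset. */
static int fuzz_record(const char *seed, size_t n, int *first) {
    int crashes = 0;
    *first = -1;
    for (size_t i = 0; i < n; i++) {
        if (run_case(seed, n, (int)i) <= 0) continue;
        if (*first < 0) *first = (int)i;
        crashes++;
    }
    return crashes;
}

int main(void) {
    int first, crashes = fuzz_record("user=alice", 10, &first); /* constructed seed */
    printf("crashes=%d first_offset=%d parent_state=%d\n", crashes, first, records_seen);
    return 0;
}
```

The parent's `records_seen` stays at 0 because every call to the target runs in a discarded copy, which is the property the restore step provides.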