
Research On Stack Overflow Vulnerability Site Location And Automatic Exploit Generation Technology

Posted on: 2022-03-17
Degree: Master
Type: Thesis
Country: China
Candidate: X C Wang
Full Text: PDF
GTID: 2518306332467504
Subject: Cyberspace security
Abstract/Summary:
With the development of computer technology, the types and functions of software continue to increase, bringing great convenience to people's study, work and life. At the same time, the number and types of security vulnerabilities in software continue to grow, threatening not only computer systems and their users but also the country's key industries and network security. At present, vulnerability analysis and reproduction rely mainly on manual work by security researchers and lack effective automated tools and methods. Vulnerability analysis and exploitation depend heavily on the researcher's experience and cannot meet the needs of vulnerability assessment and timely defense. This paper takes the frequently occurring stack overflow vulnerability as its research object and proposes a stack overflow vulnerability site location and automatic exploit generation technology to improve the efficiency of vulnerability analysis.

The work of this paper mainly includes:

1) A crash site analysis technical solution based on binary instrumentation and expert knowledge. The vulnerable program is dynamically instrumented from process start, through loading the PoC (Proof of Concept), to the crash, producing instruction flow logs. The Windows exception handling mechanism is then used to backtrack through the instruction flow logs and locate the vulnerability crash site at the basic block level.

2) A vulnerability site location technical solution based on dynamic symbolic taint analysis. Combining the crash site instructions with function stack data, dynamic symbolic taint analysis locates the vulnerability site within the set of dangerous functions and records the data change process from the vulnerability site to the vulnerability crash site.

3) An automatic exploit generation technical solution for stack overflow vulnerabilities. Based on the vulnerability crash site and vulnerability site information, gadget instruction fragments are collected and selected according to the register construction target, and exploits are constructed for various vulnerability scenarios.

Through testing and comparison, the paper has located the vulnerability crash site for 15 large-scale applications containing multiple types of vulnerabilities; the success rate is much higher than that of WinDbg, and the method applies to multiple vulnerability types. In addition, the paper has located the vulnerability crash site and vulnerability site for 79 types of stack overflow vulnerability scenarios, and has completed vulnerability site location and exploit generation for 55 CTF stack overflow problems and 8 large-scale applications. Compared with current results, the paper also generates exploits under the Data Execution Prevention and Address Space Layout Randomization mechanisms. This paper realizes vulnerability crash site location, vulnerability site location and automatic exploit generation, forms a complete vulnerability analysis chain, and improves the efficiency of vulnerability analysis.
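The crash site and vulnerability site location steps (items 1 and 2 above) can be illustrated on a simplified model of an instruction flow log. The following is an added example written for this page, not the thesis's tool: the log records, the dangerous-function set and the `locate` function are all assumptions, the trace is constructed, and the crash is modelled as a return through an address derived from the PoC input rather than through the Windows exception mechanism.

```python
from dataclasses import dataclass

# Candidate vulnerability-site functions (an assumed set; the thesis's own list is not given).
DANGEROUS = {"strcpy", "strcat", "sprintf", "memcpy", "gets"}

@dataclass
class Rec:
    bb: int              # basic block that contains the instruction
    text: str            # disassembly text, kept for the report
    reads: tuple = ()    # memory/register locations the instruction read
    writes: tuple = ()   # locations actually written (an overflow shows up as extra writes)
    callee: str = ""     # called function, for call records

def locate(trace, source="poc_input"):
    """Taint-propagate the PoC input through the log.  Returns (crash_bb, vuln_site_bb,
    chain): chain lists log indices of the data change process, vuln_site_bb is None if
    no dangerous call derived the crashing value, and the result is None without a crash."""
    prov = {source: []}              # tainted location -> indices that derived it
    for i, r in enumerate(trace):
        tainted = [loc for loc in r.reads if loc in prov]
        if not tainted:
            for w in r.writes:       # untainted data overwrites the location
                prov.pop(w, None)
            continue
        chain = prov[tainted[0]] + [i]
        if r.text.startswith("ret"):
            # Crash site: the return address was derived from the PoC input.
            dangerous = [j for j in chain if trace[j].callee in DANGEROUS]
            site_bb = trace[dangerous[-1]].bb if dangerous else None
            return r.bb, site_bb, chain
        for w in r.writes:           # every written location inherits the chain
            prov[w] = chain
    return None

# Constructed log of a PoC read into a heap buffer and copied into a fixed stack buffer.
TRACE = [
    Rec(1, "call fread",  reads=("poc_input",), writes=("heap_buf",), callee="fread"),
    Rec(2, "call strlen", reads=("heap_buf",), writes=("eax",), callee="strlen"),
    Rec(3, "call strcpy", reads=("heap_buf",),
        writes=("stack_buf", "saved_ebp", "saved_ret"), callee="strcpy"),
    Rec(4, "mov eax, 0",  writes=("eax",)),
    Rec(4, "leave",       reads=("saved_ebp",), writes=("ebp", "esp")),
    Rec(4, "ret",         reads=("saved_ret",), writes=("eip",)),
]

if __name__ == "__main__":
    crash_bb, site_bb, chain = locate(TRACE)
    print(f"crash site: basic block {crash_bb}; vulnerability site: basic block {site_bb}")
    for j in chain:
        print(f"  bb {TRACE[j].bb}: {TRACE[j].text}")
```

On the constructed trace the crash site is basic block 4 and the vulnerability site is the `strcpy` call in basic block 3, with the recorded data change process running from `fread` through `strcpy` to the `ret`.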
Keywords/Search Tags: stack overflow vulnerability, dynamic instrumentation, dynamic taint analysis, vulnerability site location, automatic exploit generation