
Design And Implementation Of Visualization System For Binary Vulnerabilities Exploitation

Posted on: 2022-03-11
Degree: Master
Type: Thesis
Country: China
Candidate: K X Huang
Full Text: PDF
GTID: 2518306572497004
Subject: Computer technology
Abstract/Summary:
At present, research on network security visualization is mostly oriented toward network attacks, visualizing their direction, target, frequency and geographical location. For the vulnerability exploitation process, existing vulnerability detection techniques often focus only on whether a vulnerability attack exists, and dynamic memory detection techniques can obtain only a single piece of memory error information; a visual method for showing the binary vulnerability exploitation process is lacking.

A visualization method for the binary vulnerability exploitation process based on "record-replay" is proposed. It analyzes buffer overflow, fastbin attack and other exploitation methods, and visualizes the three exploit steps of obtaining the address, controlling the program execution flow, and obtaining the shell.

First, ptrace is used to track the whole process of the target program being attacked, recording a memory snapshot at the target program's entry point and the information of system calls that produce nondeterministic input. Then binary files such as the target program and shared libraries are loaded in angr, and the entry-point memory is initialized and used as the starting point for replay; SimOS is used to simulate the execution of system calls and replay the recorded system call information in order, thereby replaying the exploitation process. After repeated replay analysis, insertion points for a secondary replay are set based on the results of one replay, to monitor abnormal behavior such as address leakage, GOT table modification and shellcode injection. A shadow stack and the heap chunks are also dynamically maintained and monitored, to capture abnormal modification of function return addresses and heap memory. In this way, the key points and processes of vulnerability exploitation are perceived and presented from many aspects. Finally, the captured abnormal behavior information is generated into a visual report.

Testing on CTF examples and three real software programs shows that this method can accurately capture abnormal behaviors in exploit methods such as buffer overflow attacks and fastbin attacks, and can present the process, or the key points in the process, of exploiting the vulnerability. Compared with gdb debugging tools, it provides richer and more accurate information about vulnerability exploitation.
Keywords/Search Tags: binary vulnerability, vulnerability exploitation, instrumentation technology, replay analysis