With the comprehensive construction of national modernization and informatization, software applications have become an indispensable part of people's daily life. However, software vulnerability security incidents continue to occur, and incidents in which criminals exploit software vulnerabilities to launch attacks emerge in an endless stream. A large amount of software is released as closed-source programs, so the problem of security vulnerabilities in binary programs is particularly acute. Automated fuzz testing effectively reduces the manual work in the fuzzing phase. Current methods either rely on the header-file information of the target program or focus on how to call a standalone dynamic-link library, and are of little help when the test target lies in the main program. Aiming at this problem, this thesis proposes a method for determining the fuzzing test area and implements a fuzzing method based on snapshot recovery. The main research content of this thesis is as follows:

(1) A snapshot fuzzing area positioning technology combined with dynamic analysis is proposed. Through analysis of the file-processing methods of Windows platform software and the characteristics of a fuzz-testing entry function, the thesis proposes to recover the program's function call graph and use the dominator tree to find the common ancestor of the CreateFile() and CloseHandle() functions as the memory fuzz test entry point. The termination point of the memory fuzzing is determined by taint analysis. Through this technology, the snapshot point and termination point of the memory fuzz test based on snapshot recovery are obtained for the subsequent fuzzing.

(2) A memory fuzzing system based on snapshot recovery is designed and implemented under Windows. By analyzing the efficient fuzzer AFL (American Fuzzy Lop) and combining its genetic mutation strategy with the characteristics of Windows platform software, the fuzzing method based on snapshot recovery is ported to the Windows platform. The system locates the test area using the snapshot fuzzing area positioning method from the previous part, and achieves efficient fuzz testing of user-mode binary programs and GUI programs on the Windows platform. The thesis locates the snapshot fuzzing area of a command-line program and finds that it is suitable as the entry function for WinAFL. Sample code is used to illustrate the difficulty of fuzzing a test target located in the main program of a Graphical User Interface (GUI) program, and the effect of the fuzzing method in this thesis is verified on this program. Finally, the effect of the fuzzing system based on snapshot recovery is verified by testing real software on the Windows platform.
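The snapshot-point selection in part (1), as an added illustration that is not the thesis's own code: it assumes the recovered call graph is given as a caller-to-callees dictionary, and takes "common ancestor in the dominator tree" to mean the nearest common dominator of the CreateFileW and CloseHandle nodes, which is the function whose state can be snapshotted once and restored before each mutated input. The call graph below is constructed, not recovered from any real binary.

```python
# Constructed call graph (caller -> callees) of a hypothetical document viewer.
CALL_GRAPH = {
    "main": ["parse_args", "run_gui"],
    "run_gui": ["on_open_clicked", "on_exit"],
    "on_open_clicked": ["load_document"],
    "load_document": ["open_file", "parse_body", "close_file"],
    "open_file": ["CreateFileW"],
    "parse_body": ["parse_chunk"],
    "close_file": ["CloseHandle"],
}

def _reachable(graph, root):
    """Functions reachable from root, in discovery order (root first)."""
    seen, stack = [], [root]
    while stack:
        n = stack.pop()
        if n not in seen:
            seen.append(n)
            stack.extend(graph.get(n, []))
    return seen

def dominators(graph, root):
    """Iterative dataflow: node -> set of functions on every path from root to it."""
    nodes = _reachable(graph, root)
    preds = {n: set() for n in nodes}
    for n in nodes:
        for callee in graph.get(n, []):
            preds[callee].add(n)
    dom = {n: set(nodes) for n in nodes}  # start optimistic, shrink to a fixpoint
    dom[root] = {root}
    changed = True
    while changed:
        changed = False
        for n in nodes[1:]:
            new = {n} | set.intersection(*(dom[p] for p in preds[n]))
            if new != dom[n]:
                dom[n], changed = new, True
    return dom

def find_snapshot_entry(graph, root, open_api="CreateFileW", close_api="CloseHandle"):
    """Nearest common dominator of the open and close API nodes, or None if unreachable."""
    dom = dominators(graph, root)
    if open_api not in dom or close_api not in dom:
        return None
    common = dom[open_api] & dom[close_api]
    # Dominators of a node form a chain, so the deepest one has the largest dominator set.
    return max(common, key=lambda f: len(dom[f]))

if __name__ == "__main__":
    print(find_snapshot_entry(CALL_GRAPH, "main"))  # load_document
```

If CreateFileW is also reached from a second call site (for example a log writer under on_exit), the entry point moves up to the nearest function that still dominates every call site, which is why a plain ancestor search is not enough.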