Buffer Overflow Vulnerability Discovery and Exploitation Methods
School: Huazhong University of Science and Technology
Course: Computer System Architecture
Keywords: Vulnerability Discovery; Vulnerability Analysis; Vulnerability Exploitation; Reverse Engineering; Fuzzing; Buffer Overflow
With the rapid development of computer and network technology, computer network crime occurs one after another, and crime targeting computer networks is becoming an increasingly serious problem. In addition, information warfare will inevitably become a new form of combat. The study of vulnerability discovery and exploitation technology therefore has important theoretical significance and practical value, whether for computer network combat or for countering cyber crime. This thesis analyses the two main vulnerability discovery methods in current use, explains the technical ideas behind each, summarises their respective advantages and disadvantages, and on that basis gives the basic steps of vulnerability analysis. Following the development of exploitation technology, it analyses the basic principles and techniques of stack overflow and heap overflow exploitation. After summarising the shortcomings of traditional discovery methods, it proposes, in an exploratory manner, a vulnerability discovery method based on reverse engineering and fuzzing, and describes the guiding ideas and technical approach of that method. Using the proposed method, a 0day vulnerability in SSReader is discovered; the detailed discovery process is illustrated and the cause of the vulnerability is explained. The feasibility of exploiting the discovered SSReader vulnerability is discussed, the design principles and design ideas of the exploit are given, and the corresponding exploit program is designed. The implementation of the program centres on the key techniques involved in exploitation, with emphasis on the main points of writing the Shellcode, including locating the return address, dynamically locating the addresses of the API (Application Programming Interface) functions called by the Shellcode, and security measures. Actual test results show that the discovery method based on reverse engineering and fuzzing strikes a balance between automation and purposefulness and can efficiently discover some unknown vulnerabilities.
The exploit program for the SSR (Super Star Reader) vulnerability not only has strong versatility and stability, but also runs on multiple operating systems and can successfully evade monitoring and removal by mainstream anti-virus software, giving it some practical value.
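As an added illustration of the fuzzing-based discovery loop the abstract describes (mutate an input, run the target, record the crash, then explain its cause and fix it), and not code from the thesis: a constructed toy record reader that trusts a length field, a mutation fuzzer that finds the resulting overflow, and the checked variant that removes it. The record format, the seed input and all names are assumptions; the overflow is modelled as an exception because Python cannot corrupt a stack the way the C reader would.

```python
import random

BUF_SIZE = 16  # size of the fixed stack buffer the toy reader copies each record into

def parse_records(data: bytes, checked: bool = False) -> list[bytes]:
    # Toy reader for a constructed [1-byte length][payload]... format. Copying n bytes
    # into the fixed BUF_SIZE stack buffer is modelled as OverflowError (in C it would
    # silently corrupt the stack). checked=False trusts the length (the bug); True = fix.
    records, i = [], 0
    while i < len(data):
        n = data[i]
        if checked and n > BUF_SIZE:
            raise ValueError(f"record length {n} exceeds buffer")  # clean rejection
        if n > BUF_SIZE:
            raise OverflowError(f"{n}-byte write into {BUF_SIZE}-byte buffer")
        payload = data[i + 1:i + 1 + n]
        if len(payload) < n:
            raise ValueError("truncated record")  # expected parse error, not a crash
        records.append(payload)
        i += 1 + n
    return records

def crashes(data: bytes, checked: bool = False) -> bool:
    # True only for the modelled memory-safety failure; ValueError is a clean reject.
    try:
        return parse_records(data, checked) is None
    except OverflowError:
        return True
    except ValueError:
        return False

def mutate(seed: bytes, rng: random.Random) -> bytes:
    # Dumb byte-level mutation: one to four random byte overwrites or single bit flips.
    data = bytearray(seed)
    for _ in range(rng.randint(1, 4)):
        pos = rng.randrange(len(data))
        data[pos] = rng.randrange(256) if rng.random() < 0.5 else data[pos] ^ (1 << rng.randrange(8))
    return bytes(data)

def fuzz(seed: bytes, iterations: int = 500, rng_seed: int = 1):
    # Mutate, run, record: returns (first crashing input, iteration index) or None.
    rng = random.Random(rng_seed)
    for i in range(iterations):
        case = mutate(seed, rng)
        if crashes(case):
            return case, i
    return None

SEED = bytes([3]) + b"abc" + bytes([5]) + b"hello" + bytes([2]) + b"ok"  # constructed valid file
```

Running `fuzz(SEED)` returns the first mutated file whose length byte exceeds the buffer; feeding that same file to `parse_records(..., checked=True)` produces a clean rejection instead, which is the root-cause fix the analysis step is meant to arrive at.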