Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A method and device for locating buffer overflow vulnerabilities

A technology of buffer overflow and positioning method, which is applied in the field of information security, can solve the problems of function call relationship loss, dependence, false positives, etc., and achieve the effect of fast positioning, fast overflow function and overflow address

Active Publication Date: 2020-06-05
WUHAN GREENET INFORMATION SERVICE
View PDF5 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

This method can overcome the above-mentioned problem of loss of function call relationship caused by buffer overflow overwriting the stack frame, but this method has two shortcomings, one is relying on the ability of the decompiler tool, and the other is when the program When the execution paths are different, it will cause false positives

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A method and device for locating buffer overflow vulnerabilities
  • A method and device for locating buffer overflow vulnerabilities
  • A method and device for locating buffer overflow vulnerabilities

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0052] The present invention will be described in detail below in conjunction with the accompanying drawings and embodiments.

[0053] The idea of ​​the present invention is to use the expired data on the stack to reconstruct the function call relationship to locate the overflow function, which is essentially different from the conventional stack backtracking method and the prior mapping method of the function call flow chart. Since the change of the expired data on the stack itself is chaotic, some conventional methods are not aware of the effect of the expired data on the stack. The present invention proposes a A new way to quickly locate overflowing functions.

[0054] In the present invention, the function call that causes buffer overflow is called "overflow function".

[0055] In the present invention, for the situation that the stack grows from a high address to a low address in the memory, "expired data" refers to the data stored in those memory units whose address is ...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention relates to a method and an apparatus for locating buffer overflow vulnerability. According to the method and the apparatus, outdated data information on a stack can be used to reestablish a function calling relation chain in the case that buffer overflow at the stack covers a stack frame address and a function return address, and an overflow function can be further directly located by virtue of the reestablished function calling relation chain. The method comprises the following steps: when the buffer overflow occurs, allowing a current program to be interrupted by an error so as to avoid the execution of a malicious code; taking an address indicated by a current ESP register as a starting point, and successively finding and determining an outdated stack frame pointer and an outdated return address from outdated data on the stack, wherein a value of the outdated return address is the return address of a last sub-function called by the overflow function, and a function corresponding to the return address is the overflow function. According to the method and the apparatus, a novel way of directly locating the overflow function rather than the way of adopting a stack calling function for successively backtrackeing is used, a vulnerability function is located by using the outdated data on the stack, different situations are classified to be processed, so that the outdated data can be reused, and the overflow function and the overflow address can be rapidly located.

Description

technical field [0001] The invention relates to a method and device for locating a buffer overflow vulnerability, belonging to the technical field of information security. Background technique [0002] In the field of information security, software vulnerability analysis is a very important part. Among the many types of vulnerabilities, buffer overflow vulnerabilities are the most common type of vulnerabilities. Buffer overflow, according to the location of the buffer, is divided into stack overflow and heap overflow. Stack buffer overflow refers to the overflow of the buffer by writing the content exceeding its length to the buffer of the program, thereby destroying the stack of the program, making the program execute the data constructed by the attacker instead, so as to achieve the purpose of executing malicious code . [0003] When analyzing the cause of the vulnerability, it is very necessary to quickly locate the point where the vulnerability occurs. If the function...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/52G06F21/57
CPCG06F21/52G06F21/577
Inventor 侯贺明程波
Owner WUHAN GREENET INFORMATION SERVICE
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com