Buffer Overflow Vulnerability Location in Binaries Based on Abnormal Execution

Abstract

Buffer overflow is a very common and dangerous vulnerability. Now there are many methods and tools for this vulnerability, but it is difficult to locate it in binary code. Due to the lack of program semantics in binary programs, it is difficult to determine whether the memory access exceeds its boundary, so we can restore its memory layout to locate the vulnerability. This paper proposes a method: for the same program, input a group of successful execution and abnormal execution data respectively, and then recover the memory of the two kinds of execution. If the memory of successful execution recovery is taken as the buffer boundary, it is easier to judge the buffer overflow in the abnormal execution. In this paper, 20 programs with buffer overflow vulnerability are tested. The experimental results show that the proposed method is more effective than some static program analysis tools in terms of time cost and vulnerability location accuracy.