Identify Stack Overflow Exploits with Dynamic Binary Instrumentation

Abstract

This paper describes DStack, a dynamic binary instrumentation tool for identifying overflows in stack frames in C and C++ programs. This technique is designed for detecting if a particular stack value, namely a return address, was corrupted because of a stack overflow. Thus, DStack is useful for identifying intrusion attempts but also for checking the run-time robustness of applications. We implemented a proof-of-concept tool based on Pin, a popular dynamic binary instrumentation framework. We have evaluated the tool on two real-world CVE vulnerability and the results shown that it can help identify the root causes of stack overflow effectively.