
Research On Analysis And Exploitation Of Software Vulnerability Based On Symbolic Execution

Posted on: 2024-09-24
Degree: Master
Type: Thesis
Country: China
Candidate: Z H Liu
GTID: 2568306941495514
Subject: Cyberspace security
Abstract/Summary:
Recently, more and more software vulnerabilities have been disclosed. The traditional method of manually analyzing program vulnerabilities and writing exploits is time-consuming, so researchers tend to study how to discover and exploit vulnerabilities automatically. There are two main challenges in automatic vulnerability analysis and exploit generation based on symbolic execution. The first is how to effectively analyze vulnerable programs, reduce overhead in symbolic execution, focus on program crashes, and reproduce program vulnerabilities as soon as possible. The second is how to effectively deal with different vulnerability scenarios and generate feasible vulnerable applications. In response to these two challenges, the research results of this paper are as follows.

1. A priority algorithm guided by the control flow graph is proposed to lead symbolic execution to the crash point; at the same time, path satisfiability is judged using specific inputs, and a constraint post-solution strategy is proposed to optimize the execution of nonlinear constraint functions and reduce overhead.
2. An extensible exploit model is proposed, which allows users to provide custom exploit description files to customize exploit generation, and which implements a symbolic region search method and chain description files inside the symbolic execution engine, allowing the exploit process to be completed step by step.
3. Based on the above research content, this paper implements a complete vulnerability analysis and utilization system. We used binaries from Robo Hacking Games and real-world programs to demonstrate the validity and efficiency of the system. The experimental results show that the system can effectively reproduce program crashes and generate feasible exploits according to different situations.
Keywords/Search Tags: exploit generation, symbolic execution, software vulnerability