Fuzz Testing and Sample Analysis of Windows Software Vulnerabilities
Published: 2018-04-01 06:02
Topic: buffer overflow. Approach: reverse engineering. Source: master's thesis, Beijing University of Posts and Telecommunications (北京邮电大学), 2014
【Abstract】: In recent years communication technology has advanced rapidly and computer networks have become ubiquitous, bringing with them a large number of networked applications; as a result, software security vulnerabilities have become the main source of network security risk. The large economic losses caused by the disclosure of a series of high-risk vulnerabilities have given vulnerability discovery and analysis considerable economic value. Against this background, traditional vulnerability discovery techniques are inefficient and imprecise, while newer techniques are hard to put into practice, which raises the cost of building tools on them. When reverse analysis is used to study software vulnerabilities, analysts also lack a generally applicable framework and workflow to follow. This thesis studies software vulnerabilities on the Windows platform and makes the following contributions.
The thesis first introduces the common vulnerability models of Windows software, namely stack overflows and heap overflows, and reproduces each with real code. The relevant operating-system background is presented first; then, by analysing code that actually contains the vulnerability, the mechanism by which each vulnerability arises and the way it is exploited are explained in detail. An overview of shellcode encoding theory follows.
Vulnerability discovery based on reverse engineering is the focus of the thesis: when source code is unavailable for white-box testing, this technique is essential. The thesis presents a method of vulnerability discovery through reverse engineering. Starting from vulnerability analysis methods, it introduces the commonly used analysis techniques and summarises the kinds of vulnerability these techniques can uncover. It then describes fuzz testing aided by reverse engineering, covering both the testing process and the testing methods. Finally, it combines reverse engineering with in-memory fuzzing (mutation of memory data): a fuzz-testing tool is designed in detail and a system implementation plan is proposed. The tool uses reverse engineering to locate the data source and fuzzes by modifying the data-source buffer directly in memory, which the thesis argues makes it simple to implement and more efficient.
Lastly, starting from proof-of-concept (POC) code, the thesis analyses three classic vulnerabilities, CVE-2009-3129, CVE-2012-0158 and CVE-2012-1889, from four aspects: locating the vulnerable code, analysing the cause of the vulnerability, analysing the shellcode, and analysing the malicious sample, thereby combining theory with hands-on practice.
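The in-memory fuzzing idea the abstract describes (capture the data source once, mutate it in place, call the parser directly) together with the stack overflow model it reproduces, as an added example that is not the thesis's code or its tool. Everything here is assumed for illustration: the one-byte-length record format, the 32-byte buffer, the parser names, and a simulated frame struct with a /GS-style cookie standing in for a real stack frame so that the overflow stays inside one object and is detected by a cookie compare rather than a crash. On a real Windows target the snapshot point would be the hooked location (found by reverse engineering) where the input has just been read into its parse buffer, and the oracle would be an access violation or debugger event.

```c
/* Added illustration, not code from the thesis: in-memory mutation fuzzing of a
 * deliberately vulnerable record parser. The data-source buffer is captured once,
 * restored and mutated in place for each case, and the parser is called directly
 * (no file written, no process restart). The "stack frame" is a simulated struct,
 * so the overflow stays inside one object (defined behaviour) and is caught by a
 * /GS-style cookie check rather than a real crash. Format, sizes, names: assumptions. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define COOKIE    0x5A3CC0DEu   /* stand-in for the compiler's security cookie */
#define SAVED_RET 0x00401000u   /* stand-in for the saved return address */
/* Simulated frame: the local buffer, then what a real overflow reaches next. */
struct frame { unsigned char buf[32]; uint32_t cookie; uint32_t saved_ret; };
typedef int (*parser_fn)(const unsigned char *, size_t, struct frame *);

/* Assumed record format: [1-byte payload length][payload]. Vulnerable form trusts
 * the length byte (the stack overflow model); the clamp to sizeof(*fr) only keeps
 * the simulation well defined, the bug is that the copy is not bounded by buf. */
static int parse_record(const unsigned char *rec, size_t rec_len, struct frame *fr)
{
    if (rec_len < 1) return -1;
    size_t n = rec[0];
    if (n > rec_len - 1) n = rec_len - 1;
    if (n > sizeof *fr) n = sizeof *fr;
    memcpy((unsigned char *)fr, rec + 1, n);   /* BUG: overruns fr->buf */
    return 0;
}
/* Hardened form: reject any length the destination buffer cannot hold. */
static int parse_record_fixed(const unsigned char *rec, size_t rec_len, struct frame *fr)
{
    if (rec_len < 1) return -1;
    size_t n = rec[0];
    if (n > rec_len - 1 || n > sizeof fr->buf) return -1;
    memcpy(fr->buf, rec + 1, n);
    return 0;
}
/* Oracle: did the call corrupt anything beyond buf? */
static int frame_smashed(const struct frame *fr)
{
    return fr->cookie != COOKIE || fr->saved_ret != SAVED_RET;
}

static uint32_t rng_state;
static uint32_t rng_next(void)   /* xorshift32; reseeded at the start of a campaign */
{
    uint32_t x = rng_state;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return rng_state = x;
}
static const unsigned char interesting[] = { 0x00, 0x01, 0x7F, 0x80, 0xFF };
struct fuzz_result { unsigned cases, smashes, first_iter; unsigned char first_len; };

/* Run one case against a fresh frame and record the outcome. */
static void run_case(parser_fn target, const unsigned char *in, size_t len, struct fuzz_result *r)
{
    struct frame fr = { {0}, COOKIE, SAVED_RET };
    target(in, len, &fr);
    if (frame_smashed(&fr) && r->smashes++ == 0) {
        r->first_iter = r->cases;   /* remember the first smashing case */
        r->first_len  = in[0];
    }
    r->cases++;
}
/* In-memory campaign: snapshot the data source, run a deterministic stage (every
 * byte takes each interesting value once), then random havoc from the snapshot. */
static struct fuzz_result fuzz_in_memory(parser_fn target, const unsigned char *seed,
                                         size_t len, unsigned havoc_iters)
{
    unsigned char snapshot[128], work[128];
    struct fuzz_result r = { 0, 0, 0, 0 };
    if (len == 0 || len > sizeof work) return r;
    memcpy(snapshot, seed, len);
    rng_state = 0x9E3779B9u;   /* fixed seed: reproducible campaign */
    for (size_t pos = 0; pos < len; pos++)
        for (size_t i = 0; i < sizeof interesting; i++) {
            memcpy(work, snapshot, len);   /* restore, then mutate in place */
            work[pos] = interesting[i];
            run_case(target, work, len, &r);
        }
    for (unsigned k = 0; k < havoc_iters; k++) {
        memcpy(work, snapshot, len);
        for (unsigned m = 1 + rng_next() % 4; m > 0; m--) {
            size_t pos = rng_next() % len;
            if (rng_next() & 1) work[pos] = interesting[rng_next() % sizeof interesting];
            else                work[pos] ^= (unsigned char)(1u << (rng_next() % 8));
        }
        run_case(target, work, len, &r);
    }
    return r;
}
/* Constructed seed: a valid 64-byte record (length byte 16, 0x41 filler). */
static struct fuzz_result run_campaign(int hardened, unsigned havoc_iters)
{
    unsigned char seed[64];
    memset(seed, 0x41, sizeof seed);
    seed[0] = 0x10;
    return fuzz_in_memory(hardened ? parse_record_fixed : parse_record, seed, sizeof seed, havoc_iters);
}
```

`run_campaign(0, 500)` fuzzes the vulnerable parser and `run_campaign(1, 500)` the hardened one; with the seed above the deterministic stage already smashes the simulated frame on its third case (length byte 0x7F), while the hardened parser survives the whole campaign. Two design points carry over to a real in-memory fuzzer: every case starts from the restored snapshot rather than from the previous mutation, so a finding is reproducible from the seed plus the mutation log, and an explicit oracle (here the cookie compare) is needed because an overflow that does not immediately fault is otherwise invisible.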
【Degree-granting institution】: Beijing University of Posts and Telecommunications (北京邮电大学)
【Degree level】: Master's
【Year awarded】: 2014
【CLC classification】: TP393.08; TP311.53
Article ID: 1694263
Link: https://www.wllwen.com/guanlilunwen/ydhl/1694263.html