Abstract

With the development of computer science, people's lives have become increasingly inseparable from all kinds of computer software. With the advent of a large number of application programs, security issues are drawing more and more attention. Attackers often exploit software vulnerabilities to bypass a system's security defenses directly and then take control of the whole operating system. As a branch of software security, vulnerability discovery aims to improve software quality by finding security issues as early as possible, before attackers do, and so reduce security risk. Traditional vulnerability discovery relies mainly on white-box testing based on source code, which requires not only that the auditor understand the program's code and the product's functions, but also that the product's source code be available. Using fuzzing for vulnerability discovery lets an auditor test software without access to its source code. Fuzzing can be more efficient at finding critical security vulnerabilities than a traditional code audit.

Based on methods of vulnerability analysis on the Windows operating system, this paper uses fuzzing to automate software security testing. First, it proposes two methods for generating malformed files: content-based and structure-based. Second, it uses the disassembly engine libdasm to monitor exceptions in the target software. Finally, it uses the C# and C programming languages to implement a visual fuzzing tool that helps auditors analyze vulnerabilities.

Keywords: Fuzzing; Vulnerability Discovery Exploiting; Software Security; Security Testing; File Format Vulnerability
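The following is an added example, not code from the thesis, contrasting the two malformed-file generation approaches the abstract names. It assumes that "content-based" means mutating bytes with no knowledge of the format and "structure-based" means parsing the format and mutating a specific field; the `TOY1` record format, the sample file and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constructed toy format (assumption): magic "TOY1", then records of
   [1-byte type][1-byte length][payload]. */
static const uint8_t SAMPLE[] = {'T','O','Y','1', 0x01, 0x03, 'a','b','c',
                                 0x02, 0x02, 'x','y'};

/* Deterministic PRNG: a crashing test case can be regenerated from its seed. */
static uint32_t next_rand(uint32_t *state) {
    *state = *state * 1664525u + 1013904223u;
    return *state >> 8;
}

/* Content-based: flip `count` random bits with no knowledge of the format. */
void mutate_content(uint8_t *buf, size_t len, uint32_t seed, size_t count) {
    if (len == 0) return;
    for (size_t i = 0; i < count; i++) {
        size_t off = next_rand(&seed) % len;
        buf[off] ^= (uint8_t)(1u << (next_rand(&seed) % 8));
    }
}

/* Structure-based: walk the records and set the length field of record `record`
   to a boundary value. Returns the field offset, or -1 if magic/record is absent. */
long mutate_length(uint8_t *buf, size_t len, size_t record, uint8_t boundary) {
    if (len < 4 || memcmp(buf, "TOY1", 4) != 0) return -1;
    size_t pos = 4;
    for (size_t i = 0; pos + 2 <= len; i++) {
        if (i == record) { buf[pos + 1] = boundary; return (long)(pos + 1); }
        pos += 2 + (size_t)buf[pos + 1];
    }
    return -1;
}

/* Number of bytes that differ between a test case and the original sample. */
size_t count_diff(const uint8_t *a, const uint8_t *b, size_t len) {
    size_t n = 0;
    for (size_t i = 0; i < len; i++) n += (a[i] != b[i]);
    return n;
}

int main(void) {
    uint8_t a[sizeof SAMPLE], b[sizeof SAMPLE];
    memcpy(a, SAMPLE, sizeof a); memcpy(b, SAMPLE, sizeof b);
    mutate_content(a, sizeof a, 42u, 1);
    printf("content-based: %zu byte(s) changed\n", count_diff(a, SAMPLE, sizeof a));
    printf("structure-based: length field at offset %ld\n", mutate_length(b, sizeof b, 1, 0xFF));
    return 0;
}
```

The structure-based case keeps the magic and record layout valid so the parser under test reaches its length handling, while the content-based case may be rejected early at the header check.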