ion aspects. On aspect, test strategy is demand-driven to cover the doubtful defective statements. On the other aspect, demand-driven that is, as few paths as possible are explored in the process, main methods used in which on-demand scheduling, on-demand backtracking, on-demand expansion, etc. Automated test generation of interprocedural and security defects is demand-driven method should greatly mitigate the path explosion problem.
3. Design and prototype implementation of a demand-driven automatic defect detection system. A demand-driven automatic defect detection prototype system has been implemented. The system is based on the Phoenix compiler framework, the GCC source compiler and Z3 solver. In addition, the system has been designed as a cross-platform scalable analysis framework, which can analyze the codes on both Windows platform and Linux platform. The prototype system has been used to check some open source softwares. The several publicized security defects are verified. Under the execution guidance of the patch information, it finds unpublicized paths and inputs which can trigger the defective statements again bypassing the patch statements. It shows the feasibility and effectiveness of the demand-driven automated test generation.
Key Words: Automated test generation, software defect detection, demand-driven symbolic execution, white-box testing
List of Figures
Figure 1.1 Thesis structure
Figure 2.1 Memory image before and after a buffer overflow
Figure 2.2 Flow block diagram of the conf_find_file function viewed in IDA
Figure 2.3 Disassembly of the conf_find_file function viewed in IDA
Figure 2.4 Libraries referenced by Eterm viewed in IDA
Figure 2.5 Flowchart of how the vulnerability is triggered
Figure 2.6 Setting a breakpoint at 0x08048460
Figure 2.7 Stack space when execution reaches 0x400a4a73
Figure 2.8 Statement block after the breakpoint at 0x400a4ac8
Figure 2.9 The .bss section of the libast-0.5 library
Figure 2.10 Segment layout of the libast-0.5 library viewed in IDA
Figure 2.11 Structure of the carefully crafted configuration file name conf_name
Figure 2.12 Memory image when the name variable overflows