Detection techniques of format-string vulnerabilities in binary files

Abstract

Current detection techniques are mostly limited to the source code level, and research on the binary files is few. Based on the stack pointer and the argument pointer of the format-string, the attacking principles of format-string vulnerabilities were researched. A new method to detect format-string vulnerabilities in binary files was brought forward. By analyzing the method that the model adopted, the particular means and processes to construct the attacking codes were presented. In order to improve the effectiveness of the detection, the attacking code constructions for different systems were studied. At last, an example was given to demonstrate the validity of the detection model.