[Main text]
Originality Statement

I declare that the thesis submitted here is the research work I carried out personally under my supervisor's guidance and the results I obtained. To the best of my knowledge, apart from content explicitly marked as cited in the text, this thesis contains no research results published or written by any other individual or group. I am fully aware that the legal consequences of this statement are borne by me. I authorize Huazhong University of Science and Technology to include all or part of this thesis in relevant databases for retrieval, and to preserve and compile it by photocopying, reduced-size printing, scanning or other means of reproduction. Not confidential √.

Abstract

Microsoft's Component Object Model (COM) is one of the more mature software component models in use today and is widely applied in the Windows operating system and in application programs. Buffer overflow vulnerabilities have long been one of the most common forms of security vulnerability. An important reason is that C/C++ allows indirect memory access through pointers without buffer bounds checking and provides a large number of library functions that may operate on buffers unsafely; similar functions also exist in the Windows operating system. Because the source code of a COM component is in most cases unavailable for testing, detection of possible stack buffer overflow vulnerabilities is performed on the component's binary code. An unsafe function library suited to COM components is established and the call sites of unsafe functions are identified in the assembly code; the different buffers are then identified by scanning according to the types of the unsafe functions' parameters; the declared buffer size and the used buffer size are expressed as equivalent integer ranges; and overflow vulnerabilities are detected according to the buffer overflow criterion formulated in this thesis. Based on the above work, a prototype system for detecting stack buffer overflow vulnerabilities in COM components was implemented.

ABSTRACT

Microsoft's Component Object Model (COM) is one of the relatively mature software component models and is widely used in the Windows operating system and in application programs. With the prevalence of COM, more and more security problems have been exposed, of which buffer overflow constitutes a high proportion. Buffer overflow has been one of the commonest forms of security hole. It mainly exists in non-type-safe languages such as C and C++; newer languages such as Java and C# do not have this problem. One of the most important reasons is that C allows indirect memory access through pointers without bounds checking and provides many unsafe functions that may cause buffer overflow. Functions of this kind also exist in the Windows operating system. Therefore, if effective means of detecting buffer overflow can be adopted, the security of component software will be greatly enhanced.

Buffer overflow detection based on binary code is studied thoroughly in this thesis, because in most cases the source code of a COM component is unknown. A detection algorithm is proposed that models the buffer overflow problem and transforms it into a comparison of integer ranges. First, an unsafe function library for COM is established and used to identify unsafe function calls in assembly code. Second, different buffers are distinguished according to the types of the arguments passed to the unsafe functions. Third, integer ranges are obtained from the sizes of the declared buffers and the allocated ones. Last, the buffer overflow detection criterion formulated in this thesis is used to detect buffer overflow. COM uses virtual tables to locate functions; according to this structural characteristic, the thesis achieves accurate positioning of user functions and extracts their dependence relations by means of the IDC script language. Based on the work described above, a prototype system that can detect stack buffer overflow in COM components is realised.

Keywords: buffer overflow, static analysis, binary code, COM component, unsafe function

Master's Thesis, Huazhong University of Science and Technology

Contents

Abstract (I)
ABSTRACT (II)
1 Introduction
    Research background (1)
    Overview of domestic and international work (2)
    Main research work of the thesis (4)
    Thesis structure (5)
2 Fundamentals of COM components and stack buffer overflow detection methods
    COM components (6)
    Principles of buffer overflow (8)
    Stack buffer overflow detection techniques (11)
    Summary (19)
3 Stack buffer overflow detection techniques for COM components
    Identification of functions (21)
    Identification of parameters (25)
    Function return values (25)
    Identification of variables (27)
    Building the COM component unsafe function library (30)
    Summary (34)
4 Design and implementation of the COM component stack buffer overflow detection system
    Module structure and functions (35)
    Main data structures (36)
    Implementation of the function location module (37)
    Implementation of the stack overflow static analysis module (38)
    Implementation of the result output module (47)
    Interface with CSTS (49)
    Summary (50)
5 Experiments and testing
    Experimental objectives (51)
    Experimental environment (51)
    Test cases (52)
    Test results (53)
6 Conclusion and outlook
    Summary of work (59)
    Future work (60)
Acknowledgements (61)
References (62)
Appendix: During the period of study for the degree
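The four-step algorithm described in the abstract (unsafe function library, buffer identification, integer ranges for declared and used sizes, overflow criterion) as an added illustration in Python; this is not the thesis's own code or IDC script, and the function library, the frame layout and the call records are constructed here to stand in for what the scan of the assembly would produce.

```python
import math

# Constructed subset of an unsafe-function library (not the thesis's own table):
# callee -> how the number of bytes written is derived ("src_len": strlen of the
# source argument plus the NUL; "count": an explicit length argument).
UNSAFE_FUNCS = {"strcpy": "src_len", "strcat": "src_len", "lstrcpyA": "src_len",
                "memcpy": "count", "strncpy": "count"}

def declared_size(frame_offsets, buf_off):
    """Declared size from the frame layout: gap to the next local above (or ebp)."""
    above = [o for o in frame_offsets if o > buf_off]
    return (min(above) if above else 0) - buf_off

def used_size(call):
    """Bytes the call writes, as an integer range (lo, hi); hi may be math.inf."""
    if UNSAFE_FUNCS[call["callee"]] == "src_len":
        lo, hi = call["src_len"]          # strlen(src) range found by the scan
        return lo + 1, hi + 1             # plus the terminating NUL
    return call["count"]

def check_call(frame_offsets, call):
    """Overflow criterion: compare the used range against the declared size."""
    if call["callee"] not in UNSAFE_FUNCS:
        return "not_unsafe"
    decl = declared_size(frame_offsets, call["dst_off"])
    lo, hi = used_size(call)
    if lo > decl:
        return "overflow"                 # every execution writes past the buffer
    if hi > decl:
        return "possible_overflow"        # unbounded or over-long input can
    return "safe"

def scan(frame_offsets, calls):
    return [(c["callee"], check_call(frame_offsets, c)) for c in calls]

# Constructed call records for one function whose locals sit at [ebp-0x48]
# (a 64-byte buffer), [ebp-0x8] and [ebp-0x4].
FRAME = [-0x48, -0x8, -0x4]
CALLS = [
    {"callee": "strcpy",   "dst_off": -0x48, "src_len": (12, 12)},       # constant string
    {"callee": "lstrcpyA", "dst_off": -0x48, "src_len": (0, math.inf)},  # caller-supplied string
    {"callee": "memcpy",   "dst_off": -0x48, "count": (0x80, 0x80)},     # constant count
    {"callee": "strncpy",  "dst_off": -0x48, "count": (64, 64)},         # bounded by the buffer
    {"callee": "GetTickCount", "dst_off": None},                         # not in the library
]

if __name__ == "__main__":
    for callee, verdict in scan(FRAME, CALLS):
        print(f"{callee:13s} {verdict}")
```

The verdict is "possible_overflow" whenever the scan cannot bound the source length, which is the case the thesis's criterion is designed to surface for manual review.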