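As noted in [1], the growing size and complexity of software has made the problem of software vulnerabilities worse. In recent years the number of software vulnerabilities has multiplied several times over within a few years, and the most common problem, buffer overflow, keeps being discovered, for example in WebDav, sendmail and samba [1]. Although many people have taken up buffer overflow research in recent years, and some detection methods and principles have appeared, such as StackGuard and StackShield, each has its own strengths, weaknesses and limitations. This study therefore proposes a simpler and more general detection method that lets users check for and find vulnerabilities themselves without relying on those existing tools. The detection method proposed in this thesis examines the data input to a program: when the program is found to have crashed, it locates the place in the input data that caused the overflow, then traces the content of that place in memory and checks whether that content is a jump code inside the system, in order to decide whether an overflow attack has occurred.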
In the NCU thesis "On the Development of an Automatic Tool for Detecting Buffer Overflow Vulnerabilities" [1], Tseng Yun observes that software is growing larger and more complex, and that software vulnerabilities are increasing as a result. The number of vulnerabilities has recently grown to several times what it was, yet buffer overflow vulnerabilities continue to be discovered, for example in WebDav, sendmail and samba. Although many people have contributed to this area recently and a number of detection methods and theses have been presented, each has its own disadvantages and limits. In this thesis we present an easy and general detection method that lets users detect vulnerabilities by themselves, without other tools. The method checks the input data of the program. When the program crashes, we find the place in the input that caused the stack overflow. We then trace this content in memory and compare it with jump instructions to check whether a stack overflow attack took place.
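The check described in the abstract can be sketched as follows. This is an added example, not code from the thesis. It assumes 32-bit little-endian x86, reads "trace this content in memory" as treating the overwritten return value as an address, and uses a constructed input and memory snapshot; all function names are hypothetical.

```python
import struct

# x86 (32-bit) byte sequences that transfer control to the stack pointer.
JUMP_CODES = {b"\xff\xe4": "jmp esp", b"\xff\xd4": "call esp",
              b"\x54\xc3": "push esp; ret"}

def find_overwrite_offsets(input_data, overwritten_ret):
    """Offsets in the input whose 4 bytes equal the overwritten return value."""
    needle = struct.pack("<I", overwritten_ret)
    offsets, pos = [], input_data.find(needle)
    while pos != -1:
        offsets.append(pos)
        pos = input_data.find(needle, pos + 1)
    return offsets

def read_memory(regions, address, size):
    """Read from a snapshot given as {base_address: bytes}; None if unmapped."""
    for base, data in regions.items():
        if base <= address and address + size <= base + len(data):
            start = address - base
            return data[start:start + size]
    return None

def classify_crash(input_data, overwritten_ret, regions):
    """Return (verdict, offset_in_input, jump_mnemonic) for one crash."""
    offsets = find_overwrite_offsets(input_data, overwritten_ret)
    if not offsets:
        # The value did not come from the input: not an input-driven overflow.
        return ("crash-not-input-controlled", None, None)
    mnemonic = JUMP_CODES.get(read_memory(regions, overwritten_ret, 2))
    if mnemonic:
        # The input steered the return address onto a jump code.
        return ("overflow-attack", offsets[0], mnemonic)
    # The input overran the buffer, but the value is not a jump-code address.
    return ("overflow-no-jump-code", offsets[0], None)

# Constructed sample data (addresses and contents are made up for the example).
SNAPSHOT = {0x7C801000: bytes(0x234) + b"\xff\xe4" + bytes(16)}
SUSPECT_INPUT = b"A" * 64 + struct.pack("<I", 0x7C801234) + b"C" * 16
LONG_INPUT = b"A" * 80

if __name__ == "__main__":
    print(classify_crash(SUSPECT_INPUT, 0x7C801234, SNAPSHOT))
    print(classify_crash(LONG_INPUT, 0x41414141, SNAPSHOT))
```

The second case shows why the jump-code comparison matters: an over-long input also crashes the program, but the value it leaves in the return slot does not point at a jump code.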