Locating Vulnerabilities in Binaries via Memory Layout Recovering

Haijun Wang, Xiaofei Xie, Shang-Wei Lin, Yun Lin, Yuekang Li, Shengchao Qin, Yang Liu, Ting Liu

Research output: Chapter in Book/Report/Conference proceedingConference contribution

697 Downloads (Pure)


Locating vulnerabilities is an important task for security auditing, exploit writing, and code hardening. However, it is challenging to locate vulnerabilities in binary code, because most program semantics (e.g., boundaries of an array) is missing after compilation. Without program semantics, it is difficult to determine whether a memory access exceeds its valid boundaries in binary code. In this work, we propose an approach to locate vulnerabilities based on memory layout recovery. First, we collect a set of passed executions and one failed execution. Then, for passed and failed executions, we restore their program semantics by recovering fine-grained memory layouts based on the memory addressing model. With the memory layouts recovered in passed executions as reference, we can locate vulnerabilities in failed execution by memory layout identification and comparison. Our experiments show that the proposed approach is effective to locate vulnerabilities on 24 out of 25 DARPA’s CGC programs (96%), and can effectively classifies 453 program crashes (in 5 Linux programs) into 19 groups based on their root causes.
Original languageEnglish
Title of host publicationThe 27th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering
Number of pages11
Publication statusPublished - 26 Aug 2019


Dive into the research topics of 'Locating Vulnerabilities in Binaries via Memory Layout Recovering'. Together they form a unique fingerprint.

Cite this