Applied Sciences (Jun 2022)

ExpGen: A 2-Step Vulnerability Exploitability Evaluation Solution for Binary Programs under ASLR Environment

  • Hui Huang,
  • Yuliang Lu,
  • Zulie Pan,
  • Kailong Zhu,
  • Lu Yu,
  • Liqun Zhang

DOI
https://doi.org/10.3390/app12136593
Journal volume & issue
Vol. 12, no. 13
p. 6593

Abstract

Current automatic exploit generation solutions generally adopt a 1-step exploit generation philosophy and neglect the potential difference between the analysis-time environment and the runtime environment. Therefore, they usually fail to evaluate exploitability for vulnerable programs running in an ASLR environment. We propose ExpGen, a 2-step vulnerability-exploitability evaluation solution for binary programs running in an ASLR environment, which introduces three novel techniques: partial-exploit sensitive-POC generation, exploitation context sensitive analysis-time exploit generation, and runtime exploit relocation. ExpGen first generates an analysis-time exploit that can carry out all the desired exploitation steps by applying the first two techniques iteratively; it then dynamically bridges the address-space layout differences between the analysis-time environment and the runtime environment using the runtime exploit-relocation technique, making the analysis-time exploit dynamically adaptable to the runtime exploitation session. Using a benchmark containing six test programs, 10 CTF&RHG programs and four real-world applications with known vulnerabilities, we demonstrate that ExpGen can effectively generate partial exploit input that carries out some address-leakage event and provide a complete automated exploitability evaluation workflow on vulnerable programs running in the ASLR environment.

Keywords