摘要:
A system described herein includes a receiver component that receives source code from a computer-readable medium of a computing device and a static analysis component that executes a points-to analysis algorithm over the source code to cause generation of a points-to graph, wherein the points-to graph is a directed graph that comprises a plurality of nodes and a plurality of edges, wherein nodes of the points-to graph represent pointers in the source code and edges represent inclusion relationships in the source code. The system also includes an inference component that infers target types for generic pointers in the source code based at least in part upon known type definitions and global variables in the source code.
摘要:
The claimed subject matter provides a system and/or method that generates data patches for vulnerabilities. The system can include devices and components that examine exploits received or obtained from data streams, constructs probes and determines whether the probes take advantage of vulnerabilities. Based at least in part on such determinations data patches are dynamically generated to remedy the hitherto vulnerabilities.
摘要:
Technologies pertaining to detecting accesses to monitored regions of memory and transmitting data to a protection system responsive to the detecting are described herein. A region of memory that includes objects in an object graph utilized by an operating system to determine which processes to execute and an order to execute such processes is monitored. If a process executing on a processor attempts to write to an object in the object graph, a field that is being written to is identified, and a determination is made regarding whether the field includes a pointer. Based upon whether the field includes a pointer, a type of write desirably undertaken by the object is ascertained, and an object event is transmitted to the protection system that informs the protection system of the type of write.
摘要:
A “Demand-Driven Pointer Analyzer” (DDPA) provides a “demand-driven” field-sensitive pointer analysis process. This process rapidly and accurately identifies alias sets for selected pointers in software modules or programs of any size, including large-scale C/C++ programs such as a complete operating system (OS). The DDPA formulates the pointer analysis task as a Context-Free Language (CFL) reachability problem that operates using a Program Expression Graph (PEG) automatically constructed from the program code. The PEG provides a node and edge-based graph representation of all expressions and assignments in the program and allows the DDPA to rapidly identify aliases for pointers in the program by traversing the graph as a CFL reachability problem to determine pointer alias sets. In various embodiments, the DDPA is also context-sensitive.
摘要翻译:“需求驱动的指针分析器”(DDPA)提供了一个“需求驱动的”现场敏感指针分析过程。 此过程可快速准确地识别软件模块或任何大小的程序(包括大型C / C ++程序,如完整的操作系统(OS))中的所选指针的别名集。 DDPA使用由程序代码自动构建的程序表达式图(PEG)来运行,使指针分析任务形成为无上下文语言(CFL)可达性问题。 PEG提供程序中所有表达式和赋值的节点和边缘图表示,并允许DDPA通过遍历图形来快速识别程序中的指针的别名,作为CFL可达性问题,以确定指针别名集。 在各种实施例中,DDPA也是上下文相关的。
摘要:
A system described herein includes a receiver component that receives source code from a computer-readable medium of a computing device and a static analysis component that executes a points-to analysis algorithm over the source code to cause generation of a points-to graph, wherein the points-to graph is a directed graph that comprises a plurality of nodes and a plurality of edges, wherein nodes of the points-to graph represent pointers in the source code and edges represent inclusion relationships in the source code. The system also includes an inference component that infers target types for generic pointers in the source code based at least in part upon known type definitions and global variables in the source code.
摘要:
A “Demand-Driven Pointer Analyzer” (DDPA) provides a “demand-driven” field-sensitive pointer analysis process. This process rapidly and accurately identifies alias sets for selected pointers in software modules or programs of any size, including large-scale C/C++ programs such as a complete operating system (OS). The DDPA formulates the pointer analysis task as a Context-Free Language (CFL) reachability problem that operates using a Program Expression Graph (PEG) automatically constructed from the program code. The PEG provides a node and edge-based graph representation of all expressions and assignments in the program and allows the DDPA to rapidly identify aliases for pointers in the program by traversing the graph as a CFL reachability problem to determine pointer alias sets. In various embodiments, the DDPA is also context-sensitive.
摘要翻译:需求驱动指针分析器(DDPA)提供了一种需求驱动的现场敏感指针分析过程。 此过程可快速准确地识别软件模块或任何大小的程序(包括大型C / C ++程序,如完整的操作系统(OS))中的所选指针的别名集。 DDPA使用由程序代码自动构建的程序表达式图(PEG)来运行,使指针分析任务形成为无上下文语言(CFL)可达性问题。 PEG提供程序中所有表达式和赋值的节点和边缘图表示,并允许DDPA通过遍历图形来快速识别程序中的指针的别名,作为CFL可达性问题,以确定指针别名集。 在各种实施例中,DDPA也是上下文相关的。
摘要:
The claimed subject matter provides a system and/or method that generates data patches for vulnerabilities. The system can include devices and components that examine exploits received or obtained from data streams, constructs probes and determines whether the probes take advantage of vulnerabilities. Based at least in part on such determinations data patches are dynamically generated to remedy the hitherto vulnerabilities.
摘要:
Systems and methods for automatically reverse engineering an input data format using dynamic data flow analysis. Combining input data with a simulated execution of the binary program using the input data and analyzing the use of the data by the program to generate a BNL-like grammar representing the input data format. The input data can be application level protocols, network protocols or formatted files.
摘要:
Technology is described for malware investigation by analyzing computer memory in a computing device. The method can include performing static analysis on code for a software environment to form an extended type graph. A raw memory snapshot of the computer memory can be obtained at runtime. The raw memory snapshot may include the software environment executing on the computing device. Dynamic data structures can be found in the raw memory snapshot using the extended type graph to form an object graph. An authorized memory area can be defined having executable code, static data structures, and dynamic data structures. Implicit and explicit function pointers can be identified. The function pointers can be checked to validate that the function pointers reference a valid memory location in the authorized memory area and whether the computer memory is uncompromised.
摘要:
Technologies pertaining to detecting accesses to monitored regions of memory and transmitting data to a protection system responsive to the detecting are described herein. A region of memory that includes objects in an object graph utilized by an operating system to determine which processes to execute and an order to execute such processes is monitored. If a process executing on a processor attempts to write to an object in the object graph, a field that is being written to is identified, and a determination is made regarding whether the field includes a pointer. Based upon whether the field includes a pointer, a type of write desirably undertaken by the object is ascertained, and an object event is transmitted to the protection system that informs the protection system of the type of write.