OFFDTAN: A New Approach of Offline Dynamic Taint Analysis for Binaries

<table class="algorithm-group"><tr><td><table class="algorithm" id="alg1"><tr><td colspan="2">(1)   void myMemcpy(char si<span class="nowrap"><svg height="11.439pt" id="M81" style="vertical-align:-2.15067pt" version="1.1" viewbox="-0.0498162 -9.28833 9.10328 11.439" width="9.10328pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M290 -163V-135C183 -126 181 -122 181 -44V583C181 662 184 666 290 675V703H120V-163H290Z" id="g113-92"></path></g><g transform="matrix(.013,0,0,-0.013,4.485,0)"><path d="M226 -163V703H56V676C162 667 165 662 165 584V-43C165 -122 162 -126 56 -136V-163H226Z" id="g113-94"></path></g></svg>,</span> int count)<svg height="11.5564pt" id="M82" style="vertical-align:-2.26807pt" version="1.1" viewbox="-0.0498162 -9.28833 6.80666 11.5564" width="6.80666pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M293 -169V-141C218 -131 209 -90 209 -44C209 19 222 85 222 152C222 207 198 255 139 269V273C199 286 222 334 222 388C222 454 209 523 209 588C209 632 218 671 293 681V709C234 709 148 695 148 577C147 513 155 438 155 372C155 337 152 291 64 285V256C152 250 155 204 155 169C156 105 148 31 148 -41C148 -157 234 -169 293 -169Z" id="g113-124"></path></g></svg></td></tr><tr><td colspan="2">(2) <span style="margin-left:2.2222222222222223em"></span>char dest<span class="nowrap"><svg height="11.439pt" id="M83" style="vertical-align:-2.15067pt" version="1.1" viewbox="-0.0498162 -9.28833 21.6301 11.439" width="21.6301pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M290 -163V-135C183 -126 181 -122 181 -44V583C181 662 184 666 290 675V703H120V-163H290Z" id="g113-92"></path></g><g transform="matrix(.013,0,0,-0.013,4.485,0)"><path d="M384 0V27C293 34 287 42 287 114V635C232 613 172 594 109 583V559L157 557C201 555 205 550 205 499V114C205 42 199 34 109 27V0H384Z" id="g113-50"></path></g><g transform="matrix(.013,0,0,-0.013,10.725,0)"><path d="M241 635C89 635 35 457 35 312C35 153 89 -12 240 -12C390 -12 443 166 443 312C443 466 390 635 241 635ZM238 602C329 602 354 454 354 312C354 172 330 22 240 22C152 22 124 173 124 313S148 602 238 602Z" id="g113-49"></path></g><g transform="matrix(.013,0,0,-0.013,16.965,0)"><path d="M226 -163V703H56V676C162 667 165 662 165 584V-43C165 -122 162 -126 56 -136V-163H226Z" id="g113-94"></path></g></svg>;</span></td></tr><tr><td colspan="2">(3) <span style="margin-left:2.2222222222222223em"></span>memcpy(dest, si, count); <span style="margin-left:14.444444444444445em"></span>//building program</td></tr><tr><td colspan="2">(4) <svg height="11.5564pt" id="M84" style="vertical-align:-2.26807pt" version="1.1" viewbox="-0.0498162 -9.28833 6.80666 11.5564" width="6.80666pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,2.179,0)"><path d="M283 255V284C195 290 192 337 192 375C192 436 200 508 200 580C200 696 116 709 54 709V681C127 671 139 634 139 588C138 524 125 452 125 387C125 333 149 286 209 272V268C148 253 125 206 125 151C126 87 139 16 139 -47C139 -92 127 -131 54 -141V-169C115 -169 200 -152 200 -41C200 32 192 104 192 164C192 202 195 249 283 255Z" id="g113-126"></path></g></svg><span style="margin-left:26.111111111111111em"></span>//vulnerability point</td></tr><tr><td colspan="2">(5)   int main(int argc, char <svg height="6.01072pt" id="M85" style="vertical-align:-0.04980993pt" version="1.1" viewbox="-0.0498162 -5.96091 7.75925 6.01072" width="7.75925pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M471 153C471 170 463 194 452 212C400 220 373 229 322 255C373 281 400 290 452 298C463 316 471 339 471 357C456 366 431 371 410 370C377 329 356 310 308 279C311 336 317 364 336 413C326 432 310 451 294 459C279 451 262 432 252 413C271 364 277 336 280 279C232 310 211 329 178 370C157 371 132 367 117 357C117 340 125 316 136 298C188 290 215 281 266 255C215 229 188 220 136 212C125 194 117 171 117 153C132 144 157 139 178 140C211 181 232 200 280 231C277 174 271 146 252 97C262 78 278 59 294 51C309 59 326 78 336 97C317 146 311 174 308 231C356 200 377 181 410 140C431 139 456 143 471 153Z" id="g113-43"></path></g></svg>argv<svg height="11.439pt" id="M86" style="vertical-align:-2.15067pt" version="1.1" viewbox="-0.0498162 -9.28833 9.10328 11.439" width="9.10328pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M290 -163V-135C183 -126 181 -122 181 -44V583C181 662 184 666 290 675V703H120V-163H290Z" id="g113-92"></path></g><g transform="matrix(.013,0,0,-0.013,4.485,0)"><path d="M226 -163V703H56V676C162 667 165 662 165 584V-43C165 -122 162 -126 56 -136V-163H226Z" id="g113-94"></path></g></svg>)<svg height="11.5564pt" id="M87" style="vertical-align:-2.26807pt" version="1.1" viewbox="-0.0498162 -9.28833 6.80666 11.5564" width="6.80666pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M293 -169V-141C218 -131 209 -90 209 -44C209 19 222 85 222 152C222 207 198 255 139 269V273C199 286 222 334 222 388C222 454 209 523 209 588C209 632 218 671 293 681V709C234 709 148 695 148 577C147 513 155 438 155 372C155 337 152 291 64 285V256C152 250 155 204 155 169C156 105 148 31 148 -41C148 -157 234 -169 293 -169Z" id="g113-124"></path></g></svg></td></tr><tr><td colspan="2">(6) <span style="margin-left:2.2222222222222223em"></span>  HANDLE hOpenFile = (HANDLE)CreateFile(argv<span class="nowrap"><svg height="11.439pt" id="M88" style="vertical-align:-2.15067pt" version="1.1" viewbox="-0.0498162 -9.28833 15.3667 11.439" width="15.3667pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M290 -163V-135C183 -126 181 -122 181 -44V583C181 662 184 666 290 675V703H120V-163H290Z" id="g113-92"></path></g><g transform="matrix(.013,0,0,-0.013,4.485,0)"><path d="M384 0V27C293 34 287 42 287 114V635C232 613 172 594 109 583V559L157 557C201 555 205 550 205 499V114C205 42 199 34 109 27V0H384Z" id="g113-50"></path></g><g transform="matrix(.013,0,0,-0.013,10.725,0)"><path d="M226 -163V703H56V676C162 667 165 662 165 584V-43C165 -122 162 -126 56 -136V-163H226Z" id="g113-94"></path></g></svg>,</span> <span style="margin-left:2.2222222222222223em"></span>//reading taint</td></tr><tr><td colspan="2"><span style="margin-left:13.888888888888889em"></span>GENERIC_READ, <span style="margin-left:6.666666666666667em"></span>//source file test.txt</td></tr><tr><td colspan="2"><span style="margin-left:13.888888888888889em"></span>FILE_SHARE_READ, NULL,</td></tr><tr><td colspan="2"><span style="margin-left:13.888888888888889em"></span>OPEN_EXISTING, NULL, NULL);</td></tr><tr><td colspan="2">(7)   ……</td></tr><tr><td colspan="2">(8) <span style="margin-left:2.7777777777777777em"></span>count = readCount(buf); <span style="margin-left:14.444444444444445em"></span>//reading the count</td></tr><tr><td colspan="2">(9) <span style="margin-left:2.7777777777777777em"></span>newBuf = readNewBuf(buf); <span style="margin-left:12.777777777777779em"></span>//reading the string</td></tr><tr><td colspan="2">(10) <span style="margin-left:2.4444444444444446em"></span>myMemcpy(newBuf, count);</td></tr><tr><td colspan="2">(11) <span style="margin-left:2.5555555555555554em"></span>return 0</td></tr><tr><td colspan="2">(12) <svg height="11.5564pt" id="M89" style="vertical-align:-2.26807pt" version="1.1" viewbox="-0.0498162 -9.28833 4.62754 11.5564" width="4.62754pt" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink"><g transform="matrix(.013,0,0,-0.013,0,0)"><path d="M283 255V284C195 290 192 337 192 375C192 436 200 508 200 580C200 696 116 709 54 709V681C127 671 139 634 139 588C138 524 125 452 125 387C125 333 149 286 209 272V268C148 253 125 206 125 151C126 87 139 16 139 -47C139 -92 127 -131 54 -141V-169C115 -169 200 -152 200 -41C200 32 192 104 192 164C192 202 195 249 283 255Z" id="g113-126"></path></g></svg></td></tr></table></td></tr></table>

<div>Source code of <i>test.cpp.</i></div>

Security and Communication Networks

alg1

Algorithm 1

Algorithm 1: OFFDTAN: A New Approach of Offline Dynamic Taint Analysis for Binaries 