Research Article
BofAEG: Automated Stack Buffer Overflow Vulnerability Detection and Exploit Generation Based on Symbolic Execution and Dynamic Analysis
Table 1
Results of Zeratool and BofAEG on CTF and CVE programs.
| Program | NX | CANARY | PIE | Win | Zeratool | BofAEG | Exp Tech |
| --- | --- | --- | --- | --- | --- | --- | --- |
| redpwnctf2020_coffer | ✓ | ✕ | ✕ | ✓ | N/A | 6 s | Ret to system win |
| csictf2020_pwn0x1 | ✓ | ✕ | ✕ | ✓ | N/A | 5 s | Ret to system win |
| csictf2020_pwn0x2 | ✓ | ✕ | ✕ | ✓ | N/A | 6 s | Ret to system win |
| csictf2020_pwn0x3 | ✓ | ✕ | ✕ | ✓ | 7 s | 6 s | Ret to system win |
| dctf2021_sanity | ✓ | ✕ | ✕ | ✓ | N/A | 4 s | Ret to system win |
| umdctf2021_jne | ✓ | ✕ | ✕ | ✓ | 7 s | 6 s | Ret to flag win |
| csawctf2021_password | ✓ | ✕ | ✕ | ✓ | N/A | 60 s | Ret to system win |
| h@cktivityctf2021_retcheck | ✓ | ✕ | ✕ | ✓ | N/A | 8 s | Ret to flag win |
| downunderctf2021_deadcode | ✓ | ✕ | ✕ | ✓ | N/A | 6 s | Ret to system win |
| downunderctf2021_out | ✓ | ✕ | ✕ | ✓ | 6 s | 5 s | Ret to system win |
| csawctf2020_roppity | ✓ | ✕ | ✕ | ✕ | 30 s | 6 s | Ret to libc |
| downunderctf2020_return | ✓ | ✕ | ✕ | ✕ | 30 s | 7 s | Ret to libc |
| dctf2021_babybof | ✓ | ✕ | ✕ | ✕ | 37 s | 5 s | Ret to libc |
| umdctf2021_jnw | ✓ | ✕ | ✕ | ✕ | 27 s | 6 s | Ret to libc |
| tamilctf2021_name | ✓ | ✕ | ✕ | ✕ | N/A | 4 s | Ret to libc |
| dicectf2021_babyrop | ✓ | ✕ | ✕ | ✕ | N/A | 6 s | Ret to dl-resolve |
| utctf2021_resolve | ✓ | ✕ | ✕ | ✕ | N/A | 6 s | Ret to dl-resolve |
| nahamconctf2021_smol | ✓ | ✕ | ✕ | ✕ | N/A | 4 s | Ret to dl-resolve |
| sharkyctf2020_give | ✓ | ✕ | ✓ | ✕ | N/A | 4 s | text_addr and ret to libc |
| wpictf2020_dorsia1 | ✓ | ✕ | ✓ | ✕ | N/A | 4 s | libc_addr and ret to one_gadget |
| dctf2021_hotelrop | ✓ | ✕ | ✓ | ✕ | N/A | 5 s | text_addr and ret to libc |
| lexingtonctf2021_gets | ✓ | ✕ | ✓ | ✓ | N/A | 11 s | Explore to flag win |
| lexingtonctf2021_madlibs | ✓ | ✕ | ✕ | ✓ | N/A | N/A | N/A |
| cyberctf2021_harvester | ✓ | ✓ | ✓ | ✕ | N/A | N/A | N/A |
| Cve-2004-1257_abc2mtex | ✓ | ✕ | ✕ | ✕ | N/A | N/A | N/A |
| Cve-2011-1938_php | ✓ | ✕ | ✕ | ✕ | N/A | N/A | N/A |
| Cve-2012-4409_mcrypt | ✓ | ✕ | ✕ | ✕ | N/A | N/A | N/A |
| Cve-2013-2028_nginx | ✓ | ✕ | ✕ | ✕ | N/A | N/A | N/A |
| Cve-2017-13089_wget | ✓ | ✕ | ✕ | ✕ | N/A | N/A | N/A |