Computer Science and Information Engineering, World Congress on (2009)
Los Angeles, California USA
Mar. 31, 2009 to Apr. 2, 2009
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/CSIE.2009.544
In this pager we describe a new approach using symbolic execution to exploit windows applications, and the approach is implemented in the tool Ewap. Instead of fuzzing applications with randomly or semi-randomly constructed input, Ewap generates new inputs automatically to steer applications to follow different execution paths and detects security violations dynamically, which maximizes the code coverage and improves the exploiting efficiency.
code instrumentation, taint analysis mechanism, security violations detection, symbolic execution
H. Shu, J. Chen and X. Xiong, "Ewap: Using Symbolic Execution to Exploit Windows Applications," 2009 WRI World Congress on Computer Science and Information Engineering, CSIE(CSIE), Los Angeles, CA, 2009, pp. 733-738.