Network Fuzzing Method Using Windows Socket Application Program Interface Hooking
    2.
    Granted invention patent
    Network Fuzzing Method Using Windows Socket Application Program Interface Hooking (Active)

    Publication (announcement) number: KR100875997B1

    Publication (announcement) date: 2008-12-24

    Application number: KR1020070062325

    Filing date: 2007-06-25

    Inventor: 정계옥 홍순좌

    Abstract: A network fuzzing method using Windows socket API (Application Program Interface) hooking is provided. It allows network fuzzing to be performed freely, without analyzing a protocol or building a fuzzer, by embedding a socket API hooking function in a network program through DLL (Dynamic Link Library) injection. When a target network program for fuzzing is activated, a network program module runs its own network program (S10). A main program module controls a DLL file module to find the network program run by the network program module and to inject a DLL file containing a Windows socket API hooking function (S20). The DLL file module hooks the socket API functions the network program uses and replaces them with specially defined socket functions (S30). Once socket API hooking is in place, the DLL file module temporarily stores the packets transmitted and received through the network program and forwards them to a packet handler in the main program module. The packet handler delivers the collected packets to a database module, which stores and analyzes them and creates a fuzzing data set (S40). The main program module forcibly transmits abnormal packets through the packet handler and judges whether a problem exists in the target network program that receives them (S50).


    Network Fuzzing Method Using Windows Socket Application Program Interface Hooking
    3.
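    Published invention application
    Network Fuzzing Method Using Windows Socket Application Program Interface Hooking (Active)
    Method of using WINDOWS SOCKET API HOOKING network compression device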

    Publication (announcement) number: KR1020080043209A

    Publication (announcement) date: 2008-05-16

    Application number: KR1020070062325

    Filing date: 2007-06-25

    Inventor: 정계옥 홍순좌

    CPC classification number: H04L63/1433 G05B2219/23262

    Abstract: A network fuzzing method using Windows socket API (Application Program Interface) hooking is provided. It allows network fuzzing to be performed freely, without analyzing a protocol or building a fuzzer, by embedding a socket API hooking function in a network program through DLL (Dynamic Link Library) injection. When a target network program for fuzzing is activated, a network program module runs its own network program (S10). A main program module controls a DLL file module to find the network program run by the network program module and to inject a DLL file containing a Windows socket API hooking function (S20). The DLL file module hooks the socket API functions the network program uses and replaces them with specially defined socket functions (S30). Once socket API hooking is in place, the DLL file module temporarily stores the packets transmitted and received through the network program and forwards them to a packet handler in the main program module. The packet handler delivers the collected packets to a database module, which stores and analyzes them and creates a fuzzing data set (S40). The main program module forcibly transmits abnormal packets through the packet handler and judges whether a problem exists in the target network program that receives them (S50).

