Automatic Generation of Control

This book considers the problem of automatic generation of exploits for software vulnerabilities. A formal definition will be provided for the term ¿exploit¿ in Chapter 2 but, informally, it describes an exploit as a program input that results in the execution of malicious code1. We define malicious code as a sequence of bytes injected by an attacker into the program that subverts the security of the targeted system. This is typically called shellcode. Exploits of this kind often take advantage of programmer errors relating to memory management or variable typing in applications developed in C and C++. These errors can lead to buffer overflows in which too much data is written to a memory buffer, resulting in the corruption of unintended memory locations. An exploit will leverage this corruption to manipulate sensitive memory locations with the aim of hijacking the control flow of the application.