源代码和可执行代码之间存在语义差异,仅对源代码进行分析会遗漏隐藏在可执行代码里的漏洞。基于对漏洞模式的分析,通过结合静态反汇编分析、动态自动调试和基于函数特征的参数注入3种思想,本文设计并实现了一种直接基于可执行代码的安全漏洞检测原型工具。本文的检测原型工具在一组CVE(通用漏洞披露)benchmark以及两个真实的可执行程序上都检测到缓冲区溢出漏洞。实验结果表明,本文提出的“三位一体”检测方法能够直接用于检测可执行代码中的安全漏洞。 Semantic differences exist between the source code and the executable code, and analysis of the source code alone can miss vulnerabilities hidden in the executable code. Based on the analysis of the vulnerability pattern, this paper designs and implements a prototype of the security vulnerability detection directly based on the executable code by combining three kinds of ideas: static disassembly analysis, dynamic automatic debugging and parameter injection based on the function features. The test prototype tool in this article detects a buffer overflow vulnerability on a set of CVE (Common Vulnerabilities and Exposures) benchmark and on two real executables. Experimental results show that the proposed “Trinity” detection method proposed in this paper can be directly used to detect security vulnerabilities in executable code.