Title :
Understanding Complex Binary Loading Behaviors
Author :
Ting Dai ; Mingwei Zhang ; Yap, Roland H. C. ; Zhenkai Liang
Author_Institution :
Nat. Univ. of Singapore, Singapore, Singapore
Abstract :
Binary loading is used extensively in many operating systems, e.g., program execution usually involves loading dynamically linked libraries (binaries in DLL form). In Windows, binary loading is used heavily, but the process is complex and is affected by many factors - this flexibility turns out to be a rich source of attacks. When a typical Windows executable runs, many binaries are loaded, possibly from third parties. It is not uncommon for Windows programs to have binary loading vulnerabilities. However, it is difficult for software developers to identify if their programs have such vulnerabilities, how they arise, and how to fix them. We propose LDRSCOPE, to explain why binaries are loaded and detect the factors that affect the loading. This allows developers to better identify the problems and secure their code. We also deal with vulnerabilities arising from software configuration such as configuration files. Some vulnerabilities can also be due to third-party libraries; we clearly identify and explain their effects.
Keywords :
operating systems (computers); software libraries; user interfaces; DLL; LDRSCOPE; Windows programs; binary loading behaviors; operating systems; program execution; software configuration; source-of-attacks; Libraries; Loading; Operating systems; Payloads; Performance analysis; Rendering (computer graphics)
Conference_Title :
Engineering of Complex Computer Systems (ICECCS), 2014 19th International Conference on
Conference_Location :
Tianjin
Print_ISBN :
978-1-4799-5481-0
DOI :
10.1109/ICECCS.2014.15