An Instruction-level Symbolic Checksum System for Windows x86 Program
Graphical Abstract
Abstract
Fuzz testing has some obvious disadvantages: (1) it is ineffective at covering if-else branches; (2) it can hardly handle inputs whose fixed structure is unknown; (3) randomly generated inputs rarely pass the input-integrity verification performed by the target system. Symbolic execution can overcome some of these obstacles, but most symbolic execution tools do not handle a program's input-integrity verification. Given these limitations of fuzz testing and symbolic execution with respect to input-integrity verification, we propose a reversed taint-tracing approach to overcome the problem. The key idea is to traverse the entire program path by symbolic execution and generate results from the path-reversed files. We found 7 unhandled exceptions in 7-zip, and revised 16 malformed files with correct CRCs so that they pass the 7-zip test and decompression.
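As an added example (not code from the paper or from 7-zip), a constructed toy container with a trailing CRC32 shows why a raw fuzzer mutation is rejected by the target's integrity check and how recomputing the checksum lets the mutated bytes reach the parsing logic under test. The format, field layout and function names are assumptions for illustration, not the real 7-zip format.

```python
"""Checksum repair for fuzz inputs (constructed example, not 7-zip's format).

Toy container layout, assumed for this demo:
  magic "TST1" | u32 LE payload length | payload | u32 LE CRC32
The CRC covers everything that precedes it, as archive formats usually do.
"""
import struct
import zlib
from typing import Tuple

MAGIC = b"TST1"
HEADER = struct.Struct("<4sI")   # magic, payload length


def build_file(payload: bytes) -> bytes:
    """Create a well-formed file with a correct trailing CRC32."""
    body = HEADER.pack(MAGIC, len(payload)) + payload
    return body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def verify(data: bytes) -> bool:
    """The target program's integrity check: an input that fails here is
    rejected before any deeper parsing code runs, which is why plain
    random mutations rarely exercise the parser."""
    if len(data) < HEADER.size + 4 or not data.startswith(MAGIC):
        return False
    _magic, length = HEADER.unpack_from(data)
    if len(data) != HEADER.size + length + 4:
        return False
    stored = struct.unpack_from("<I", data, len(data) - 4)[0]
    return stored == (zlib.crc32(data[:-4]) & 0xFFFFFFFF)


def mutate_payload(data: bytes, offset: int, value: int) -> bytes:
    """A single fuzzer-style byte mutation inside the payload.
    The stored CRC no longer matches, so verify() rejects the result."""
    buf = bytearray(data)
    buf[HEADER.size + offset] = value & 0xFF
    return bytes(buf)


def fix_crc(data: bytes) -> bytes:
    """Recompute the trailing CRC so the mutated file passes verify()
    while keeping every mutated byte in place."""
    body = data[:-4]
    return body + struct.pack("<I", zlib.crc32(body) & 0xFFFFFFFF)


def repair_demo() -> Tuple[bool, bool, bool]:
    """Returns (original ok, mutated ok, repaired ok), i.e. (True, False, True)."""
    original = build_file(b"hello, archive")          # constructed sample input
    mutated = mutate_payload(original, 0, 0xFF)
    return verify(original), verify(mutated), verify(fix_crc(mutated))
```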