The Study of Binary Program Test Techniques Based on Backtracking and Leading for Covering Key Code Area
Abstract: Path-coverage testing is an important software testing method. However, the number of paths in a program usually grows exponentially, so testing every path is impractical. From the viewpoint of software security testing, the execution of the critical code areas of a program is of greater interest: statements that call dangerous functions, functions with high cyclomatic complexity, and code fragments that write memory in a loop. This paper presents a method for automatically generating test data that covers the critical code areas. The method works on the binary program and does not need its source code. All program paths that can reach the critical code areas are obtained by path backtracking, and test data for those paths is then generated automatically by path leading. Path leading is based on symbolic execution and concrete execution of the program: it adjusts the input step by step and uses a constraint solver to generate the test cases. Theoretical analysis and experimental results show that the method reduces the number of executions needed to generate test data; compared with traditional methods of generating test data for path coverage, the number of executions is significantly lower, which improves the efficiency of test data generation.
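The path-backtracking step named in the abstract can be illustrated on a small control-flow graph. This is an added example, not code from the paper: the graph, the block names and the rule of visiting each block at most once per path are assumptions, since the abstract does not say how loops are handled.

```python
from collections import defaultdict

# Constructed control-flow graph: basic block -> successor blocks.
# Block names and the critical block are assumptions made for this example.
CFG = {
    "entry":     ["parse_hdr", "usage"],
    "parse_hdr": ["check_len", "fast_path"],
    "check_len": ["loop_head", "error"],
    "loop_head": ["loop_body", "copy"],
    "loop_body": ["loop_head"],
    "fast_path": ["copy"],
    "copy":      ["exit"],   # critical: calls a dangerous function
    "usage":     ["exit"],
    "error":     ["exit"],
    "exit":      [],
}

def predecessors(cfg):
    """Invert the successor map so the graph can be walked backwards."""
    preds = defaultdict(list)
    for block, succs in cfg.items():
        for succ in succs:
            preds[succ].append(block)
    return preds

def backtrack_paths(cfg, entry, target):
    """Return every loop-free entry->target path, found by walking backwards."""
    preds = predecessors(cfg)
    paths = []
    def walk(block, suffix):
        if block == entry:
            paths.append([block] + suffix)
            return
        for pred in preds[block]:
            # Assumption: each block appears once per path, which cuts loops.
            if pred != block and pred not in suffix:
                walk(pred, [block] + suffix)
    walk(target, [])
    return sorted(paths)

def can_reach(cfg, target):
    """Blocks from which the target is reachable (backward closure)."""
    preds, seen, todo = predecessors(cfg), {target}, [target]
    while todo:
        for pred in preds[todo.pop()]:
            if pred not in seen:
                seen.add(pred)
                todo.append(pred)
    return seen
```

Here `backtrack_paths(CFG, "entry", "copy")` yields the two candidate paths a test generator would then need inputs for, and `set(CFG) - can_reach(CFG, "copy")` gives the blocks that never lead to the critical block and need no test data under this goal.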