Title: Automatic construction of jump-oriented programming shellcode (on the x86)
Authors: Ping Chen, Xiao Xing, Bing Mao, Li Xie, Xiaobin Shen, Xinchun Yin
DOI: 10.1145/1966913.1966918 (https://doi.org/10.1145/1966913.1966918)
Publication date: 2011-03-22
Publication type: Journal Article
Venue (as recorded): Asia CCS '22 : proceedings of the 2022 ACM Asia Conference on Computer and Communications Security : May 30-June 3, 2022, Nagasaki, Japan. ACM Asia Conference on Computer and Communications Security (17th : 2022 : Nagasaki-shi, Japan ; ...
Open access: no
Record source: Semantic Scholar
Citations: 39
Abstract
Return-Oriented Programming (ROP) is a technique that leverages instruction gadgets in existing libraries and executables to construct Turing-complete programs. However, a ROP attack is usually composed of gadgets ending in a ret instruction that has no corresponding call instruction. Based on this fact, several defense mechanisms have been proposed to detect ROP malicious code. To circumvent these defenses, Return-Oriented Programming without returns has recently been proposed; it uses gadgets ending in a jmp instruction, which exhibit much diversity. In this paper, we propose an improved ROP technique to construct ROP shellcode without returns. We also implement a tool that automatically constructs real-world Return-Oriented Programming without returns shellcode, which, as demonstrated in our experiments, can bypass most of the existing ROP defenses.