| Since the eighties of the last century, with the computer virusesdiscovered and exploited to attack computer systems, more and morehackers technology enthusiasts join the exploits field. Buffer overflowvulnerabilities,which are the most representative of computervulnerabilities, are one of the the most widely used type of vulnerabilities.Exploits based on this technology are also constantly put forward. Heapspray technology is one of them, which is widely used in webpage Trojanand document attacks.On the basis of previous studies, Heap spray attacks fall into twocategories: stack-based buffer overflow and heap-based buffer overflow.Focus on analysis of stack and heap data structure and managementmechanism, and explain the details of both. The example after furtherreveals the principle of exploit.Introduce the principles and techniques of Heap spray. On this basis,summarize the main points of the technical improvements. ThePDF-based attack example shows a comprehensive picture of howattackers use Heap spray to allocate memory, how to change jumpingaddress of EIP and ultimately execute the shellcode, etcetera.Then divide the Heap spray detection technologies into three types.Finally, a detection method based on the memory pre-allocation andspecial string detection is proposed. Explain the principle and the exploit of the memory pre-allocation and special characters detection method.Propose a prototype design of the detection system, and test it. The resultshows that the detection system can detect and prevent Heap spray fromattacking the computer effectively. |
PDF Full Text Request