With the development of computer technology, it has become a key technology for improving production efficiency in various industries. While people enjoy the convenience brought by the new technology, they also face a situation that grows more severe day by day. Because a von Neumann architecture computer loads both data and instructions into memory, and the computer does not check EIP in real time, some data can obtain execution rights. This technique can be called Shellcode execution. There are two ways to achieve Shellcode execution: one is to use a system exploit, the other is to use a PE file packer. Shellcode does not have the PE file structure. This paper studies the core techniques, after induction and summarization, by using different ways to achieve Shellcode execution. Studying Shellcode execution is of great significance for studying and designing security software systems. This paper designs and builds a Shellcode execution system. The main work is as follows:

Firstly, this paper studies the PE file format in depth, along with different ways of packing PE files, and uses the insert-new-section method to pack PE files. This paper presents a new method to execute Shellcode more safely by packing PE files and using disguised PE files.

Secondly, this paper studies Windows heap overflow technology and achieves Shellcode execution by using JPEG heap overflow exploitation. For generating Shellcode, this paper presents two methods of decoding Shellcode that avoid special characters appearing in the final Shellcode, so that the Shellcode executes normally.

Finally, by analyzing the common characteristics of Shellcode triggered by various trigger modes, this paper summarizes the technical issues shared by the design of Shellcode that has no PE structure, which are locating variables, locating APIs and decoding Shellcode before execution. This paper presents several ways to locate APIs. For locating variables, this paper presents a new method, constructing a data section in the Shellcode, which, as a comparison experiment indicates, generates shorter Shellcode and makes the Shellcode need less memory space.