Buffer overflow is a very common and dangerous vulnerability that is widely present in operating systems and applications. A buffer overflow attack can cause a program to fail or a system to crash and restart; in more serious cases it can be used to execute unauthorized instructions or even to obtain system privileges and thus perform illegal operations. To carry out a buffer overflow attack, two tasks must be accomplished: arranging the shellcode in the memory of the vulnerable program, and making the control flow jump to a predictable address through an appropriate overflow operation. Heap Spray, the main subject of this thesis, is a technique that helps attackers accomplish the first task, embedding the shellcode in memory. The thesis first briefly introduces the relevant background on buffer overflow and summarizes the principle of buffer overflow attacks, which paves the way for the study of Heap Spray. It then analyzes the implementation principle of Heap Spray in detail and deepens that understanding by analyzing examples of vulnerabilities. After that, a Heap Spray attack model (HSM) is proposed in view of DEP and Nozzle, and an improvement strategy is put forward for the shellcode encoding technique used in HSM. Second, the defense strategy against Heap Spray is studied, not only on the basis of the characteristics of Heap Spray itself but also from the perspective of defending against buffer overflow in general. Later, through analysis of HSM, a defense strategy against it is proposed, based mainly on detecting slide code and ROP chains. Finally, based on the HSM attack model, simulation experiments are carried out on VMware Workstation to verify whether it can achieve an accurate heap spray attack and to evaluate its anti-detection ability.
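The slide-code detection mentioned above can be illustrated with the simplest heuristic a heap scanner applies: a sprayed block is mostly a long run of one repeated slide byte with a short payload at its tail, so a block dominated by such runs is suspicious. The following is an added example written for this page, not code from the thesis; the 4 KiB block size, the 64-byte run threshold, the 0.90 coverage ratio and the sample blocks are all constructed assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed threshold: a run of one byte at least this long counts as slide. */
#define SLIDE_MIN_RUN 64

/* Length of the longest run of a single repeated byte in buf. */
size_t longest_run(const uint8_t *buf, size_t len) {
    size_t best = 0, run = 0;
    for (size_t i = 0; i < len; i++) {
        run = (i > 0 && buf[i] == buf[i - 1]) ? run + 1 : 1;
        if (run > best) best = run;
    }
    return best;
}

/* Fraction of buf (0.0 .. 1.0) covered by runs of length >= SLIDE_MIN_RUN. */
double slide_ratio(const uint8_t *buf, size_t len) {
    size_t covered = 0, start = 0;
    if (len == 0) return 0.0;
    for (size_t i = 1; i <= len; i++) {
        if (i == len || buf[i] != buf[start]) {   /* run [start, i) ended */
            if (i - start >= SLIDE_MIN_RUN) covered += i - start;
            start = i;
        }
    }
    return (double)covered / (double)len;
}

/* Classify one heap block: 1 = looks like a sprayed slide block, 0 = not. */
int looks_like_spray(const uint8_t *buf, size_t len) {
    return len >= SLIDE_MIN_RUN && slide_ratio(buf, len) >= 0.90;
}

/* Constructed samples (not from the thesis): a block that is all 0x90 slide
 * except an 8-byte placeholder tail standing in for the payload, and a block
 * of varied data in which no two neighbouring bytes are equal. */
uint8_t sprayed[4096], benign[4096];
int build_samples(void) {
    memset(sprayed, 0x90, sizeof sprayed);
    memcpy(sprayed + sizeof sprayed - 8, "PAYLOAD!", 8);
    for (size_t i = 0; i < sizeof benign; i++) benign[i] = (uint8_t)(i * 7 + 3);
    return 1;
}

int main(void) {
    build_samples();
    printf("sprayed: run=%zu spray=%d\n", longest_run(sprayed, sizeof sprayed),
           looks_like_spray(sprayed, sizeof sprayed));   /* run=4088 spray=1 */
    printf("benign:  run=%zu spray=%d\n", longest_run(benign, sizeof benign),
           looks_like_spray(benign, sizeof benign));     /* run=1 spray=0 */
    return 0;
}
```

A repeated-byte check is only the first layer of slide detection: a slide assembled from varied single-byte instructions passes it, which is why detectors such as Nozzle also disassemble the block and examine its control flow rather than its raw bytes.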