
Research On Key Techniques Of Gadget Discovery And Semantic Analysis In Software Binary Code Reuse

Posted on: 2020-03-17
Degree: Master
Type: Thesis
Country: China
Candidate: C Jiang
Full Text: PDF
GTID: 2518306548495604
Subject: Cyberspace security

Abstract/Summary:
Code reuse attack is the main technique of memory vulnerability exploitation and has been widely studied in academia and industry. However, most current research focuses only on specific code reuse attacks and therefore often lacks completeness and generality. Starting from the completeness of code reuse attacks, this thesis studies the key techniques of gadget discovery and semantic analysis in code reuse attacks. The main work of this thesis is as follows:

1. On the basis of summarizing and analyzing the attack models of typical code reuse attacks such as ROP, JOP and LOP, this thesis proposes a general code reuse attack model combined with Turing completeness, and puts forward the characteristics that gadgets should satisfy in code reuse attacks.

2. This thesis designs a formal language named GDL to describe the information of gadgets in code reuse attacks. GDL describes the constraints that gadgets need to satisfy in a structured way, thus contributing to the implementation of general code reuse attacks.

3. On the basis of analyzing the semantic analysis performed by typical open-source gadget tools such as Ropper, angrop and BOPC, this thesis abstracts the elements that the semantic analysis of a gadget should include, and puts forward a gadget semantic analysis technique based on expression trees, which improves the efficiency of gadget semantic analysis by describing the expressions for reads and writes of registers and memory.

4. This thesis proposes the architecture design of a prototype system for gadget search and semantic analysis named GDLgadget, studies the key algorithms and workflow of its gadget search, semantic analysis and gadget chain building modules, and implements the prototype system. The functions of the prototype system are verified in experiments. The experimental results show that GDLgadget supports multiple types of gadgets, searches comprehensively and provides good semantic analysis.
Keywords/Search Tags: internet security, binary code reuse, gadget discovery, gadget semantic summary, gadget description language