Method for protecting against ROP attacking and stack overflow based on simulated stacks and thread injecting

A stack overflow and thread technology, applied in the field of ROP attack stack overflow protection, can solve stack overflow and other problems, and achieve good accuracy, great independence, and great applicability

Active Publication Date: 2017-10-03
UNIV OF ELECTRONICS SCI & TECH OF CHINA
View PDF8 Cites 13 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] In view of the above-mentioned prior art, the purpose of the present invention is to provide a kind of ROP attack stack overflow protection method based on simulated stack and thread injection, which solves the problem that the ROP malicious code without instructions can bypass the stack overflow due to the fixed program loading position in the prior art. Protection technical problems, and solved the technical problem of stack overflow in the target process caused by the remote thread injection used when using the simulation stack to monitor the target process

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Method for protecting against ROP attacking and stack overflow based on simulated stacks and thread injecting
  • Method for protecting against ROP attacking and stack overflow based on simulated stacks and thread injecting
  • Method for protecting against ROP attacking and stack overflow based on simulated stacks and thread injecting

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0060] 1. The ROP attack protection system uses remote threads to inject into the target process

[0061] Use dll remote injection technology:

[0062] 1) OpenProcess obtains the handle to be injected into the process;

[0063] 2) VirtualAllocEx opens up a section of memory in the remote process, the length is strlen(dllname)+1;

[0064] 3) WriteProcessMemory writes the name of the Dll into the memory created in the second step;

[0065] 4) CreateRemoteThread uses LoadLibraryA as a thread function, and the parameter is the name of Dll to create a new thread;

[0066] 5) CloseHandle closes the thread handle.

[0067] 2. Monitor the instruction flow of the target process to obtain the instructions between call and ret

[0068] The injected thread can imitate Ollydbg to additionally monitor the target process, so as to obtain program execution instructions.

[0069] 3. Compare the characteristic instructions of normal function calls, and extract the suspected abnormal instru...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a method for protecting against ROP attacking and stack overflow based on simulated stacks and thread injecting, and relates to the technical field of protection of ROP attacking. According to the technical scheme, the technical problems are solved in the prior art that ROP vicious codes without commands can bypass stack-overflow protection since a program loading position is fixed and the stack overflow occurs when remote threads utilized in using the simulated stacks to monitor a target progress are injected. The method comprises the steps of using the threads to inject the threads into the target progress (the progress which needs to be protected), opening up a simulated stack space, monitoring a command procedure which simulates the target progress, conducting execution on the simulated stacks by obtaining effective code strings among call commands and ret commands attached by ROP, and then achieving the purpose of detecting ROP attacking by using a traditional overflow protection mechanism.

Description

technical field [0001] The invention relates to the technical field of ROP attack protection, in particular to a ROP attack stack overflow protection method based on simulation stack and thread injection. Background technique [0002] ROP (Return-oriented programming) is a new type of attack based on code reuse technology. Attackers use existing libraries or executable files to extract instruction fragments and construct malicious code. [0003] SEH (Structured Exception Handling) SEH ("Structured Exception Ha-ndling"), that is, structured exception handling is a powerful weapon for program designers to handle program errors or exceptions provided by the (windows) operating system. [0004] SEHOP (SEH Overwrite Protection) The full name of SEHOP is Structured Except-ionHandler Overwrite Protection (Structured Exception Handling Overwrite Protection). node or multiple nodes to control EIP (control program execution flow). SEHOP is a security protection scheme proposed by Mi...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): G06F21/52
CPCG06F21/52
Inventor 刘小垒张小松牛伟纳周旷户宇宙
Owner UNIV OF ELECTRONICS SCI & TECH OF CHINA
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap