A method and device for contamination analysis of remill library stack based on mcsema

The analysis method and analysis device are applied in the computer field to achieve non-destructive stack pollution analysis.

Active Publication Date: 2022-02-08
GUANGZHOU UNIVERSITY

AI Technical Summary

Problems solved by technology

As a result, any non-PIE executable opens the door to return-2-plt / GOT and return-oriented programming (ROP) attacks, but compiling to PIE is also a method for targeted instruction-level escalation attacks.


Embodiment Construction

[0033] The technical solutions in the embodiments of the present invention will be clearly and completely described below in conjunction with the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without creative efforts fall within the protection scope of the present invention.

[0034] It should be noted that Figure 2 shows a method design concept of poisoning, or polluting, the objects in the stack space that need to be studied, which is a common way of thinking. In network attack and defense, there are also ARP and DNS cache poisoning. During the execution of the Mcsema-lift tool, two stacks are generated: one is the execution stack and the other is the simulation stack. Because an important function of the stack is the call of the funct...


Abstract

The invention discloses a Mcsema-based Remill library stack pollution analysis method, device, equipment and readable storage medium. The method includes: lifting the machine code and its instructions to obtain a high-level instruction data structure; using a machine instruction decoder to decode the high-level instruction data structure, so that the decoded register names correspond to the variable names of the remill basic block; modifying the SEM interpretation of the preset unstack-related instructions; and recompiling the modified content of the unstack-related instructions to complete the stack pollution process. By modifying the SEM interpretation of the unstack-related instructions during the lifting process, the invention can break through the limitations of the various call stacks of binary programs in the prior art, and realize intelligent and non-destructive stack pollution analysis of the stack space objects that need to be studied.

Description

Technical field

[0001] The invention relates to the field of computer technology, in particular to a Mcsema-based Remill library stack pollution analysis method, device, equipment and a readable storage medium.

Background technique

[0002] Some operating systems enable Address space layout randomization, or ASLR for short, for the kernel by default. ASLR randomizes the loading base address of the module, the address of the kernel object, etc., and is a security protection technology against buffer overflow. By randomizing the layout of linear areas such as the heap, stack, and shared library mapping, and by increasing the difficulty for attackers to predict the destination address, it prevents attackers from directly locating the location of the attack code and achieves the purpose of preventing overflow attacks. According to research, ASLR can effectively reduce the success rate of buffer overflow attacks.

[0003] Later, the security feature of ASLR was further enhanced...


Application Information

Patent Type & Authority: Patents (China)
IPC: IPC(8): G06F21/54
CPC: G06F21/54
Inventor: 田志宏金成杰鲁辉张鑫国何陆潇涵杨佳庚张曼黄冬秋孙起孙彦斌苏申
Owner: GUANGZHOU UNIVERSITY