Automatic Generation of ROP Through Static Instructions Assignment and Dynamic Memory Analysis

Ning Huang, Shuguang Huang, Chao Chang
Copyright: © 2021 | Volume: 13 | Issue: 2 | Pages: 20
ISSN: 1941-6210 | EISSN: 1941-6229 | EISBN13: 9781799860358 | DOI: 10.4018/IJDCF.2021030104
Cite Article

MLA

Huang, Ning, et al. "Automatic Generation of ROP Through Static Instructions Assignment and Dynamic Memory Analysis." IJDCF, vol. 13, no. 2, 2021, pp. 57-76. http://doi.org/10.4018/IJDCF.2021030104

APA

Huang, N., Huang, S., & Chang, C. (2021). Automatic Generation of ROP Through Static Instructions Assignment and Dynamic Memory Analysis. International Journal of Digital Crime and Forensics (IJDCF), 13(2), 57-76. http://doi.org/10.4018/IJDCF.2021030104

Chicago

Huang, Ning, Shuguang Huang, and Chao Chang. "Automatic Generation of ROP Through Static Instructions Assignment and Dynamic Memory Analysis." International Journal of Digital Crime and Forensics (IJDCF) 13, no. 2 (2021): 57-76. http://doi.org/10.4018/IJDCF.2021030104


Abstract

W⊕X is a protection mechanism against control-flow hijacking attacks. Return-oriented programming (ROP) can perform a specific function by searching for suitable assembly instruction fragments (gadgets) in a code segment and chaining them, thereby bypassing W⊕X. However, manually searching for gadgets that satisfy the required conditions is inefficient and suffers from high error and miss rates. To improve the efficiency of ROP generation, the authors propose an automatic generation method based on a fragmented layout, called automatic generation of ROP. The method designs new intermediate instruction construction rules on top of the automatic ROP generation framework Q, uses symbolic execution to analyze program memory states and construct data constraints for multi-module ROP, and solves those ROP data constraints to generate test cases for the ROP chain. Experiments show that this method effectively improves the space efficiency of the ROP chain and lowers the memory-layout requirements of the ROP layout.