Looking for breakthrough ideas for innovation challenges? Try Patsnap Eureka!

A rop attack stack overflow protection method based on simulated stack and thread injection

A stack overflow and thread technology, applied in the field of ROP attack stack overflow protection, can solve problems such as stack overflow, and achieve the effects of good accuracy, great independence, and improved accuracy

Active Publication Date: 2019-11-12
UNIV OF ELECTRONICS SCI & TECH OF CHINA
View PDF8 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0006] In view of the above-mentioned prior art, the purpose of the present invention is to provide a kind of ROP attack stack overflow protection method based on simulated stack and thread injection, which solves the problem that the ROP malicious code without instructions can bypass the stack overflow due to the fixed program loading position in the prior art. Protection technical problems, and solved the technical problem of stack overflow in the target process caused by the remote thread injection used when using the simulation stack to monitor the target process

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A rop attack stack overflow protection method based on simulated stack and thread injection
  • A rop attack stack overflow protection method based on simulated stack and thread injection
  • A rop attack stack overflow protection method based on simulated stack and thread injection

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0060] like figure 1 Shown:

[0061] 1. The ROP attack protection system uses remote threads to inject into the target process

[0062] Use dll remote injection technology:

[0063] 1) OpenProcess obtains the handle to be injected into the process;

[0064] 2) VirtualAllocEx opens up a section of memory in the remote process, the length is strlen(dllname)+1;

[0065] 3) WriteProcessMemory writes the name of the Dll into the memory created in the second step;

[0066] 4) CreateRemoteThread uses LoadLibraryA as a thread function, and the parameter is the name of Dll to create a new thread;

[0067] 5) CloseHandle closes the thread handle.

[0068] 2. Monitor the instruction flow of the target process to obtain the instructions between call and ret

[0069] The injected thread can imitate Ollydbg to additionally monitor the target process, so as to obtain program execution instructions.

[0070] 3. Compare the characteristic instructions of normal function calls, and extra...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The invention discloses a ROP attack stack overflow protection method based on simulated stack and thread injection, relates to the technical field of ROP attack protection, and solves the problem that in the prior art, due to the fixed program loading position, the ROP malicious code without instructions can bypass the stack overflow protection Technical problems, and solved the technical problem of stack overflow in the target process caused by the remote thread injection used when using the simulation stack to monitor the target process. The present invention includes injecting into the target process (the process to be protected) by using threads, opening up a simulated stack space, monitoring the instruction flow of the simulated target process, and obtaining the effective code concatenation between the call and the ret command of the ROP attack, on the simulated stack Execute, and then use the traditional overflow protection mechanism to achieve the purpose of detecting ROP attacks.

Description

technical field [0001] The invention relates to the technical field of ROP attack protection, in particular to a ROP attack stack overflow protection method based on simulation stack and thread injection. Background technique [0002] ROP (Return-oriented programming) is a new type of attack based on code reuse technology. Attackers use existing libraries or executable files to extract instruction fragments and construct malicious code. [0003] SEH (Structured Exception Handling) SEH ("Structured Exception Ha-ndling"), that is, structured exception handling is a powerful weapon for program designers to handle program errors or exceptions provided by the (windows) operating system. [0004] SEHOP (SEH Overwrite Protection) The full name of SEHOP is Structured Except-ionHandler Overwrite Protection (Structured Exception Handling Overwrite Protection). node or multiple nodes to control EIP (control program execution flow). SEHOP is a security protection scheme proposed by Mi...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/52
CPCG06F21/52
Inventor 刘小垒张小松牛伟纳周旷户宇宙
Owner UNIV OF ELECTRONICS SCI & TECH OF CHINA
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Patsnap Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Patsnap Eureka Blog
Learn More
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic, Popular Technical Reports.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap|About US| Contact US: help@patsnap.com