Packed, printable, and polymorphic return-oriented programming

12Citations
Citations of this article
37Readers
Mendeley users who have this article in their library.
Get full text

Abstract

Return-oriented programming (ROP) is an attack that has been shown to be able to circumvent W+X protection. However, it was not clear if ROP can be made as powerful as non-ROP malicious code in other aspects, e.g., be packed to make static analysis difficult, be printable to evade non-ASCII filtering, be polymorphic to evade signature-based detection, etc. Research in these potential advances in ROP is important in designing counter-measures. In this paper, we show that ROP code could be packed, printable, and polymorphic. We demonstrate this by proposing a packer that produces printable and polymorphic ROP code. It works on virtually any unpacked ROP code and produces packed code that is self-contained. We implement our packer and demonstrate that it works on both Windows XP and Windows 7 platforms. © 2011 Springer-Verlag.

Cite

CITATION STYLE

APA

Lu, K., Zou, D., Wen, W., & Gao, D. (2011). Packed, printable, and polymorphic return-oriented programming. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 6961 LNCS, pp. 101–120). https://doi.org/10.1007/978-3-642-23644-0_6

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free