Abstract
Return-oriented programming (ROP) is an attack that has been shown to be able to circumvent W+X protection. However, it was not clear if ROP can be made as powerful as non-ROP malicious code in other aspects, e.g., be packed to make static analysis difficult, be printable to evade non-ASCII filtering, be polymorphic to evade signature-based detection, etc. Research in these potential advances in ROP is important in designing counter-measures. In this paper, we show that ROP code could be packed, printable, and polymorphic. We demonstrate this by proposing a packer that produces printable and polymorphic ROP code. It works on virtually any unpacked ROP code and produces packed code that is self-contained. We implement our packer and demonstrate that it works on both Windows XP and Windows 7 platforms. © 2011 Springer-Verlag.
Author supplied keywords
Cite
CITATION STYLE
Lu, K., Zou, D., Wen, W., & Gao, D. (2011). Packed, printable, and polymorphic return-oriented programming. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 6961 LNCS, pp. 101–120). https://doi.org/10.1007/978-3-642-23644-0_6
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
