Research on system and software security (2)

A practical analysis of ROP attacks

arxiv 2021

（ The quality of the article is not high ）

background

ROP It's actually a code reuse attack , A control flow hijacking attack that does not require an attacker to inject any code , But it can trigger any behavior in the target system , Code reuse attack . Program address space （gadgets） Existing code fragments present in are linked together to perform malicious acts .

The most common one is called return oriented ROP, The other is called challenge oriented programming JOP.

ROP Use to ret Code snippet at the end of the instruction , It's like pop rip equally

In order to complete the attack target ：

1. Subvert the control flow of a program from its original process , The attacker needs to perform a traditional stack smash attack , For example, stack buffer overflow , And overwrite the return address of the function on the stack . Other methods such as frame pointer overlay can also be used here .
2. The attacker needs to redirect the execution of the program to the code chosen by the attacker , An attacker can accomplish this task through code injection .

Modify the memory layout of a program by making the stack non executable , So as to prevent code injection of stack smashing attack . Due to code injection defense &#