
Computer Engineering ›› 2010, Vol. 36 ›› Issue (17): 147-151. doi: 10.3969/j.issn.1000-3428.2010.17.050

• Security Technology •

Buffer Overflow Protection Mechanism and Bypass Technology Under Windows

MA Yi-nan1, ZHANG Li-he2

  1. School of Computer and Information Engineering, Henan University, Kaifeng 475004
  2. School of Information and Communication Engineering, Dalian University of Technology, Dalian 116024
  • Online: 2010-09-05 Published: 2010-09-02
  • About the authors: MA Yi-nan (born 1989), female, undergraduate student, main research interests: network and information security; ZHANG Li-he, associate professor, Ph.D.

Abstract: This paper summarizes the main buffer overflow protection mechanisms on the current Windows platform and studies the methods and techniques for bypassing them, which can increase the success rate of vulnerability analysis and exploitation and guide improvements to the security of the operating system. It describes the current state of development of the main techniques for bypassing buffer overflow protection mechanisms. The principles and methods for bypassing stack overflow protection, heap overflow protection and Data Execution Prevention (DEP) are given. The effectiveness of the DEP bypass methods is verified through an experiment.

Key words: buffer overflow, stack overflow, heap overflow, Data Execution Prevention (DEP), bypass technology

CLC Number: