
Computer Engineering (计算机工程) ›› 2011, Vol. 37 ›› Issue (23): 270-272. doi: 10.3969/j.issn.1000-3428.2011.23.091

• Development Research and Design Technology •

Research and Application of Windows ROP Automatic Generation Technology

YAN Tao, WANG Yi-jun, XUE Zhi

  1. (School of Information Security, Shanghai Jiaotong University, Shanghai 200240)
  • Received: 2011-04-15 Online: 2011-12-05 Published: 2011-12-05
  • Author biographies: YAN Tao (b. 1984), male, Master's degree; main research direction: vulnerability discovery and its applications. WANG Yi-jun, lecturer. XUE Zhi, associate professor.

Research and Application of ROP Automatic Generation Technology on Windows

YAN Tao, WANG Yi-jun, XUE Zhi   

  1. (School of Information Security, Shanghai Jiaotong University, Shanghai 200240, China)
  • Received: 2011-04-15 Online: 2011-12-05 Published: 2011-12-05

Abstract (Chinese version): Return-oriented programming (ROP) can effectively bypass the Data Execution Protection (DEP) mechanism, but manually analysing the binary instruction sequences in executable libraries and combining them into ROP gadgets is time-consuming and tedious. To address this, a method for automatically constructing ROP gadgets on the Windows platform is designed and implemented using a gadgets dictionary; it allows ROP to perform arbitrary operations and achieves Turing completeness. Using the automatically generated ROP gadgets, exploit developers can accelerate the development of exploits that bypass DEP and shorten exploit development time.

Keywords (Chinese version): buffer overflow, automatic ROP generation, exploit program, Data Execution Protection, gadgets dictionary

Abstract: Return Oriented Programming (ROP) techniques can be used to bypass Data Execution Protection (DEP), but it is complicated and time-consuming to manually analyze the available code sequences in an executable library and combine them into ROP gadgets. This paper uses a gadgets dictionary to build ROP gadgets automatically on Windows; the resulting gadget set can perform arbitrary computation and is Turing-complete. Using automatically generated ROP gadgets, exploit developers can accelerate the process of developing exploits that bypass DEP.

Key words: buffer overflow, Return Oriented Programming (ROP) automatic generation, exploit program, Data Execution Protection (DEP), gadgets dictionary
