Computer Engineering ›› 2012, Vol. 38 ›› Issue (20): 5-8. doi: 10.3969/j.issn.1000-3428.2012.20.002

• Special Column •

Vulnerability Exploitation Technology of Structured Exception Handling Based on Windows

WU Wei-min, GUO Chao-wei, HUANG Zhi-wei, SU Qing, CHEN Qiu-wei

  1. (Faculty of Computer, Guangdong University of Technology, Guangzhou 510006, China)
  • Received: 2011-12-02 Revised: 2012-02-20 Online: 2012-10-20 Published: 2012-10-17
  • About the authors: WU Wei-min (born 1956), male, professor, main research interests: information security, data structures, visual computing, virtual machine technology; GUO Chao-wei, master's student; HUANG Zhi-wei, undergraduate student; SU Qing, lecturer; CHEN Qiu-wei, undergraduate student

Abstract:

This paper discusses Structured Exception Handling (SEH) on Windows and its related protection mechanisms, and summarizes SEH vulnerability exploitation techniques from the attacker's perspective. Overwriting the SEH handler pointer with a heap address or an address outside the protected modules bypasses SafeSEH, and forging the SEH chain bypasses SEHOP. The paper also analyzes the main methods for directing program execution flow to the Shellcode. An example verifies the effectiveness of the SEH vulnerability exploitation techniques.

Key words: Structured Exception Handling (SEH), SafeSEH mechanism, SEHOP mechanism, vulnerability exploitation technology, Shellcode location
