Jisuanji kexue (Nov 2022)

Semantic Restoration and Automatic Transplant for ROP Exploit Script

  • SHI Rui-heng, ZHU Yun-cong, ZHAO Yi-ru, ZHAO Lei

DOI
https://doi.org/10.11896/jsjkx.210900230
Journal volume & issue
Vol. 49, no. 11
pp. 49 – 54

Abstract


Exploit scripts play an important role in security research. Security researchers need to study how an exploit script triggers and exploits a vulnerability in order to protect the vulnerable program effectively. However, many exploit scripts obtained from the network have poor generality and adaptability: they are limited to a specific operating system and execution environment, and a change of environment leads to execution failure. This problem is particularly common in exploit scripts based on return-oriented programming (ROP), which makes transplanting and analysing ROP scripts difficult and dependent on manual assistance and expert knowledge. To solve this problem, we propose the ROPTrans system, which locates the key semantics and the variables related to the running environment by analysing the semantics of a ROP script, and then automatically generates a ROP script adapted to the target environment, thereby achieving the goal of transplanting ROP scripts automatically. Experimental results show that the success rate of ROPTrans can reach up to 80%, which verifies the effectiveness of our method.

Keywords