| 发明名称 |
SYSTEM FOR DETECTING CALL STACK TAMPERING |
| 摘要 |
The invention relates to a method for detecting a subroutine call stack modification, including the steps of, when calling a subroutine, placing a return address at the top of the stack; at the end of the subroutine, using the address at the top of the stack as the return address, and removing the address from the stack; when calling the subroutine, accumulating the return address in a memory location with a first operation; at the end of the subroutine, accumulating the address from the top of the stack in the memory location with a second operation, reciprocal of the first operation; and detecting a change when the content of the memory location is different from its initial value. |
| 申请公布号 |
US2015220328(A1) |
申请公布日期 |
2015.08.06 |
| 申请号 |
US201314417639 |
申请日期 |
2013.07.31 |
| 申请人 |
INSIDE SECURE |
发明人 |
Galdo Florian |
| 分类号 |
G06F9/44;G06F12/06 |
主分类号 |
G06F9/44 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A method for detecting a subroutine call stack modification, comprising the following steps for each subroutine in a sequence of subroutines nested in an initial subroutine:
when calling a current subroutine, placing a return address at the top of the stack; at the end of the current subroutine, using the address at the top of the stack as the return address, and removing the address from the stack; assigning a single memory location to the sequence of subroutines; saving the initial value of the memory location before calling the initial subroutine; when calling the current subroutine, accumulating the return address in the memory location with a first operation; at the end of the current subroutine, accumulating the address from the top of the stack in the memory location with a second operation, reciprocal of the first operation; and upon returning from the initial subroutine, detecting a modification when the content of the memory location differs from the initial value. |
| 地址 |
Meyreuil FR |
