Title of invention: Detecting a Return-Oriented Programming Exploit
Abstract: A method and apparatus for detecting a Return-Oriented Programming exploitation. At a computer device, a mechanism to detect a control transfer of a code location in a memory is established. This may be, for example, hooking the control transfer. The code location relates to an electronic file. In the event that a control transfer of the code location is detected, a comparison is made between a destination code location address with values in the freed stack. If the code location address matches any of the values in the freed stack, then it is determined that the control transfer of the code location relates to a Return-Oriented Programming exploitation.
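Application publication number: US2015161396(A1); Application publication date: 2015.06.11
Application number: US201514624617; Filing date: 2015.02.18
Applicant: F-Secure Corporation; Inventor: Hentunen Daavid
Classification: G06F21/57; Main classification: G06F21/57
Agency: ; Agent: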
Main claim: 1. A method of detecting a Return-Oriented Programming exploitation of an application, the method comprising, at a computer device: establishing a hooking rule to hook a code location relating to an electronic file stored in a computer readable medium in the form of a non-transitory memory; in the event that a control transfer of the code location relating to the electronic file is detected, comparing a code location address with values in a stack space freed by the control transfer and, in the event that the code location address and any of the values in the freed stack match, determining that the control transfer relates to a Return-Oriented Programming exploitation.
Address: Helsinki FI
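
The comparison described in the abstract and claim 1, modeled on a toy stack machine as an added example (not code from the patent or from F-Secure). The machine model, the constructed addresses and the `SCAN_WORDS` scan depth are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define STACK_WORDS 64
#define SCAN_WORDS  4            /* assumption: freed slots inspected by the hook */
#define HOOKED      0x7700A000u  /* constructed address of the hooked code location */

/* Toy machine: the stack grows downward and sp indexes the top-of-stack word. */
typedef struct { uintptr_t stack[STACK_WORDS]; size_t sp; } machine;

static void machine_init(machine *m) {
    for (size_t i = 0; i < STACK_WORDS; i++) m->stack[i] = 0;
    m->sp = STACK_WORDS;
}
static void push(machine *m, uintptr_t v) { m->stack[--m->sp] = v; }
/* CALL pushes the return address, then control moves to the target. */
static uintptr_t do_call(machine *m, uintptr_t ret_addr, uintptr_t target) {
    push(m, ret_addr);
    return target;
}
/* RET pops its destination; the popped slot is freed but keeps its value. */
static uintptr_t do_ret(machine *m) { return m->stack[m->sp++]; }

/* Hook check: is the hooked location's own address in the freed stack space? */
static int hook_detects_rop(const machine *m, uintptr_t self) {
    for (size_t k = 1; k <= SCAN_WORDS && k <= m->sp; k++)
        if (m->stack[m->sp - k] == self) return 1;
    return 0;
}

/* Ordinary entry through CALL: nothing below sp holds the target address. */
static int scenario_call(void) {
    machine m; machine_init(&m);
    uintptr_t dest = do_call(&m, 0x00401005u, HOOKED);
    return hook_detects_rop(&m, dest);
}
/* Entry through RET: the destination was read from the stack and then freed. */
static int scenario_ret(void) {
    machine m; machine_init(&m);
    push(&m, 0x00402000u);  /* constructed word that would follow in the stack */
    push(&m, HOOKED);       /* destination stored as data on the stack */
    uintptr_t dest = do_ret(&m);
    return hook_detects_rop(&m, dest);
}
int main(void) {
    printf("call: %d, ret: %d\n", scenario_call(), scenario_ret());
    return 0;
}
```

In this model a stale copy of the hooked address left in freed stack by earlier, legitimate code would also match, so a scan depth wider than the slots the transfer itself freed trades coverage for false positives.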