摘要 |
<p>The present invention relates to a technique for blocking a heap spray hacking attack by using NOP sled detection and more specifically, a technique for blocking a heap spray hacking attack by using NOP sled detection, which is capable of effectively blocking a hacking attack in advance by detecting and blocking a heap spray technique in order to prevent the execution of a virus and the distribution and spread of a malicious code. According to the present invention, it can be previously detected and blocked that a virus or a malicious code is automatically executed if a user accesses a hacked website or reads an infected document received through E-mail or SNS, thereby preventing the spread of the virus or malicious code and effectively blocking infection of a user terminal used by the user. [Reference numerals] (AA) Start; (BB) End; (S11) Run an application program; (S12) Hook API for monitoring of a heap memory allocation request; (S13) Determine whether or not of the heap memory allocation request; (S14) Check the length of a heap memory according to the allocation request; (S15) Determine whether the allocation request length is more than a threshold(L)?; (S16) Add to a heap memory allocation list; (S17) Determine whether or not of a previous allocation list; (S18) Check whether NOP sled is generated; (S19) Determine whether or not of the NOP sled; (S20) Reject the heap memory allocation request or force the thread to stop</p> |