| 摘要 |
A cross-module detection system and method for detecting and monitoring control flow transfers between software modules in a computer system. The system and method detect and monitor control flows entering and exiting the software modules. For a particular module, a checking model is extracted from the binary file of that module. In addition, a relaxed shadow stack is generated. If the module is an original module, meaning that the control flow originated from that module, then the checking model is used to check the validity of the control flow transfer. Otherwise, the relaxed shadow stack is used. An interception module is used to intercept and terminate invalid control flow transfers. If an invalid control flow transfer is detected, then the transfer is terminated. Otherwise, the control flow transfer is allowed to continue.
|
