Survey of Methods for Automated Code-Reuse Exploit Generation

This paper provides a survey of methods and tools for automated code-reuse exploit generation. Such exploits use code that is already contained in vulnerable program. The approach allows one to vulnerabilities the presence operating system protection prohibits data memory execution. contains description various methods: return-to-libc attack, return-oriented programming, jump-oriented others. We define fundamental terms: gadget, gadget frame, catalog. Moreover, we show that, fact, an instruction, set gadgets defines virtual machine. can reduce creation problem generation this Each particular executable file machine instruction set. provide searching determining their semantics (creating catalog). These allow get If Turing-complete, then compiler catalog as target architecture. However, some instructions be absent. Hence discuss several approaches replace missing with multiple gadgets. An tool chain by pattern (regular expressions) or considering semantics. Furthermore, chaining genetic algorithms, while others SMT-solvers. compare existing open-source propose testing rop-benchmark used verify whether generated successfully opens shell.