A framework for automated architecture-independent gadget search
- Type
- Slides
- Tags
- hacking
- Event
- Chaos Communication Congress 27th (27C3) 2010
- Indexed on
- Mar 27, 2013
- URL
- http://events.ccc.de/congress/2010/Fahrplan/attachments/1805_CCC_SLIDES_FRAMEWORK_FOR_ARCHITECTURE_INDEPENDENT_GADGET_SEARCH.pdf
- File name
- 1805_CCC_SLIDES_FRAMEWORK_FOR_ARCHITECTURE_INDEPENDENT_GADGET_SEARCH.pdf
- File size
- 476.6 KB
- MD5
- 692a28143c3becd815af416ab5d4e5b2
- SHA1
- 2e90085009745753e8506e7c6d36ae8546c5725b
We demonstrate that automated, architecture-independent gadget search is possible. Gadgets are code fragments which can be used to build unintended programs from existing code in memory. Our contribution is a framework of algorithms capable of locating a Turing-complete gadget set. Translating machine code into an intermediate language allows our framework to be used for many different CPU architectures with minimal architecture-dependent adjustments. We define the paradigm of free-branch instructions to succinctly capture which gadgets will be found by our framework and investigate side effects of the gadgets produced. Furthermore we discuss architectural idiosyncrasies for several widely spread CPU architectures and how they need to be taken into account by the generic algorithms when locating gadgets.
About us
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Statistics
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.
Contribute
To support this site and keep it alive, you can click on the buttons below. Any help is really appreciated! This service is provided for free, but real money is needed to pay bills.
