UnROP

Abstract

Return-oriented Programming (ROP) has become the most common way to exploit bugs in application, and stack pivoting is a common techniques for facilitating the attack. Stack pivoting poses a challenge in finding the root cause of the exploitation because it is hard to trace the execution flow and identify the exact trigger point of exploitation. This thesis presents several ways to do stack pivoting and designed methods to traceback in different situations. We tested our methods with real system crash dumps and evaluate the effective- ness of our approaches. Our solution is expect to help malware researchers to debug and defend against ROP-based attacks.