Netinfo Security ›› 2017, Vol. 17 ›› Issue (4): 15-25. doi: 10.3969/j.issn.1671-1122.2017.04.003


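Research on an Automatic Building Method for Windows Shellcode

ZHU Shuai, LUO Senlin, KE Dongxiang

  1. Information System and Security & Countermeasures Experimental Center, Beijing Institute of Technology, Beijing 100081
  • Received: 2017-02-26 Online: 2017-04-20 Published: 2020-05-12
  • About the authors:

    ZHU Shuai (born 1993), male, from Hubei, master's student, main research interest: information security; LUO Senlin (born 1968), male, from Hebei, professor, Ph.D., main research interests: information security, data mining, text security, etc.; KE Dongxiang (born 1994), male, from Shaanxi, master's student, main research interest: information security.

  • Supported by:
    National 242 Information Security Program [2005C48]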

Research on Automatic Building Approach of Windows Shellcode

Shuai ZHU, Senlin LUO, Dongxiang KE

  1. Information System and Security & Countermeasures Experimental Center, Beijing Institute of Technology, Beijing 100081, China
  • Received: 2017-02-26 Online: 2017-04-20 Published: 2020-05-12

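Abstract (Chinese version):

With the rapid development of computer technology, the scale and complexity of software are growing quickly, which also brings great security risks; software vulnerabilities emerge one after another, and vulnerability exploitation has become a research hotspot. In the exploitation process, shellcode is the most critical component, and its quality directly affects the result of the exploit. Existing automatic shellcode building methods suffer from low compatibility, poor support for large shellcode, and a low degree of automation and ease of use. To address these shortcomings, this paper proposes an automatic building method for Windows shellcode. The method provides a programming interface and programming environment through a writing framework, so that authors write shellcode in C, and it integrates the compilation, generation, extraction, testing, encoding and optimization of shellcode to build Windows shellcode for the x86/x64 platforms automatically. The paper validates a prototype system implemented on this method. The results show that the system performs well in compatibility, reliability and automation, that shellcode building tasks can be completed smoothly with it, and that it has high practical value.

Keywords (Chinese version): vulnerability exploitation, shellcode, automatic building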

Abstract:

With the rapid development of computer technology, the scale and complexity of software are increasing, which also brings great security risks. Shellcode is the key component in vulnerability exploitation, and its quality directly affects the result of the exploit. However, existing techniques have many downsides, such as limited automation and problems with usability and compatibility. This paper proposes an automatic building approach for Windows shellcode, which provides a programming interface and environment and lets programmers write shellcode in C. To build Windows shellcode for the x86/x64 platforms automatically, it integrates the compilation, building, extraction, testing, encoding and optimization steps. Based on this approach, the paper implements a prototype system for automatic shellcode building and evaluates it experimentally. The results show that the system performs well in compatibility, reliability and automation, and that it can readily be applied to shellcode building.

Key words: vulnerability exploitation, shellcode, automatic building
