Netinfo Security ›› 2016, Vol. 16 ›› Issue (7): 47-52.doi: 10.3969/j.issn.1671-1122.2016.07.008


Research on ASLR Bypass Technology Based on Arbitrary Function Address

Xin XU1, Songnian ZHANG2, Jianwei HU2

  1. PLA 95865, Beijing 100000, China
  2. XIDIAN University, Xi'an, Shaanxi 710126, China

Received: 2016-05-26  Online: 2016-07-20  Published: 2020-05-13

Abstract:

For many years, buffer overflow vulnerabilities have been the most important and most harmful means of attack in the field of network security. Before Microsoft and other vendors deployed DEP and ASLR as protections against buffer overflows, an attacker simply redirected EIP to the required location to complete the exploit. With DEP and ASLR in place, bypassing ASLR (Address Space Layout Randomization) has become an essential part of current exploitation, and almost all vulnerability researchers and attackers are studying ways to bypass DEP and ASLR. Starting from the content of the ASLR protection mechanism, this paper first analyzes the ASLR bypass techniques currently in common use on Microsoft's Windows systems. It then proposes a method for bypassing the ASLR protection mechanism by means of relative offsets, analyzes the principles and details of the CVE-2013-2551 vulnerability, and demonstrates, by exploiting CVE-2013-2551 on Microsoft's Windows 8, that this method successfully bypasses Microsoft's ASLR protection. The shortcoming of the proposed method is that the attacker must already be able to bypass ASLR in order to read memory; its advantage is that the attacker can obtain the address of any function in the system.

Key words: vulnerability exploitation, ASLR protection mechanism, ROP chain, exposed base address