Netinfo Security ›› 2017, Vol. 17 ›› Issue (7): 1-10. doi: 10.3969/j.issn.1671-1122.2017.07.001

• Original Article •

Analysis and Improvement of Windows Heap Randomization

Weiping WEN1, Shilin JIA1, Jiawei DU2, Ce QIN1

  1. School of Software & Microelectronics, Peking University, Beijing 102600, China;
  2. Luoyang Electric Equipment Test Center, Luoyang Henan 471032, China
  • Received: 2017-04-19 Online: 2017-07-20 Published: 2020-05-12

Abstract:

Because Windows is the most widely used operating system, its security has become a focus of attackers and researchers at home and abroad. Starting from the Windows memory management system, this paper analyzes the heap address randomization mechanism of the Windows operating system through reverse engineering and dynamic debugging, and designs and implements an improved randomization scheme. The research work is divided into two parts. The first part uses reverse engineering and debugging to explore the Windows heap memory area, examine the principle and implementation of the heap address randomization mechanism, and analyze and verify the vulnerabilities of that mechanism against several known attack methods. The second part designs a corresponding solution based on the analysis results, to further enhance the randomness of the heap address configuration and to reduce the harm of the known attack methods. The proposed scheme can effectively compensate for the shortcomings of Windows in heap address randomization design, reduce the harm of related attack techniques, and improve the overall security of the system.

Key words: Windows, heap, randomization, reverse engineering
