Return Oriented Programming
Return Oriented Programming ( ROP ; German return-oriented programming ) is a technique for exploiting a security gap in which the attacker manipulates the call stack in such a way that indirectly selected machine code is executed after the next return command.
Because the selected machine code comes directly from the executable memory, protection via a set NX bit is not possible.
The return-into-libc technique is a special implementation of return-oriented programming .
swell
- ↑ New exploit technology tricked memory protection. Heise Online, March 19, 2010, accessed September 18, 2013 .
- ↑ Tricked ROP protection in Windows 8. Heise Online, October 31, 2011, accessed on September 18, 2013 .
- ↑ Hovav Shacham, Erik Buchanan, Ryan Roemer, Stefan Savage: Return-Oriented Programming: Exploits Without Code Injection. August 2008, accessed March 20, 2010 .