Tazhi: A novel technique for hunting trampoline gadgets of jump oriented programming (A class of code reuse attacks)

摘要

Code reuse attacks enable attackers to manipulate the memory and execute their own code on a target system without the need to inject any operating code in the memory space. Jump Oriented Programming is known as a class of this type which has two different kinds of implementation. The main idea is to chain different sequences of instructions terminated to an indirect jump by using controller gadgets called dispatchers or trampolines. This paper focuses on the second type of implementations which uses trampoline gadgets. Finding useful trampolines in different libraries is an issue that considered here. This paper shows useful intended and unintended trampolines available in some famous versions of libraries in Windows and Linux platforms. Additionally, our searching algorithm and a comparison between results of trampolines are presented.