System and method for automatic use-after-free exploit detection

摘要

Systems, methods and media are shown for automatically detecting a use-after-free exploit based attack that involve receiving crash dump data relating to a fault event, determining whether the fault event instruction is a call type instruction and, if so, identifying a UAF attack by checking whether it includes a base address in a first register that stores a pointer to free memory and, if so, generating a UAF alert. In some examples, generating a use-after-free alert includes automatically sending a message that indicates a UAF attack or automatically triggering a system defense to the UAF attack. Some examples may include, for a call type faulting instruction, identifying a UAF attack, checking whether a base address in the first register includes a pointer in a second register to a free memory location associated with the base address.