关键词: 容错机制, 异常处理, ASLR绕过, 漏洞攻击

Abstract: ASLR is an important protection mechanism against vulnerability attack. Crash-resistance attack is a main method to bypass ASLR, which can search for sensitive information in memory repeatedly utilizing crash-resistance mechanism. However, the current search algorithm of crash-resistance attack takes a long time to find useful information which results in less practical. In order to enhance the practicability of attack, a novel method is proposed which combines crash-resistance and memory range statistics to bypass ASLR. This method analyzes crash-resistance attack deeply by using software reverse engineering to find out internal implementation of crash-resistance mechanism in operating systems and browser software. It analyzes space layout in a process memory, counts up the average proportion of system DLLs distribution in different ranges, and selects the range of maximum probability to search DLLs and to locate key base address in order to bypass ASLR. The test results show that the proposed method greatly reduces the average time consumption and the maximum time consumption compared with the existing methods.

Key words: crash-resistance mechanism, exception handling, bypassing ASLR, vulnerability attack