Computer Science, 2021, Vol. 48, Issue (4): 288-294. doi: 10.11896/jsjkx.200300151

• Information Security •

Study of Universal Shellcode Generation Technology

CHEN Tao, SHU Hui, XIONG Xiao-bing   

  1. State Key Laboratory of Mathematical Engineering and Advanced Computing, Information Engineering University, Zhengzhou 450001, China
  • Received: 2020-06-24 Revised: 2020-07-06 Online: 2021-04-15 Published: 2021-04-09
  • About author: CHEN Tao, born in 1992, postgraduate. His main research interests include cyber security and reverse engineering. (498673466@qq.com)
    SHU Hui, born in 1974, Ph.D, professor, Ph.D supervisor. His main research interests include cyber security and reverse engineering.
  • Supported by:
    National Key R&D Program of China (2016YFB08011601).

Abstract: Shellcode generation technology is a program transformation technology that transforms programs from source form to binary form. This technology can be used to implement shellcode generation, including shellcode used in exploitation and functional shellcode used in the post-penetration period. This paper formally describes the relationship between code and data in a program and proposes an LLVM-based program transformation technology that can be used to generate system-independent shellcode. By constructing a built-in global data table and adding dynamic relocation code, this technology converts the code's accesses to data from absolute memory addresses to relative memory addresses, eliminates the dependence on the relocation mechanism provided by the operating system during code execution, and gives the generated shellcode good position-independent characteristics. In the experimental part, we test the function of our shellcode generation system based on this technology with source code of different sizes under different operating systems. We also compare the consistency of the code's function before and after shellcode generation, as well as the file size, number of functions and execution time. Experimental results show that the shellcode generation system functions normally and has strong compatibility and versatility.

Key words: LLVM, Memory loading, Program transformation, Shellcode, Shellcode generation

CLC Number: TP309.5