Computer Science (计算机科学), 2021, Vol. 48, Issue 4: 288-294. doi: 10.11896/jsjkx.200300151
CHEN Tao, SHU Hui, XIONG Xiao-bing (陈涛, 舒辉, 熊小兵)
Abstract: Code shellification is a program transformation technique that converts a program from its source-code form into a binary form. It can be used to generate shellcode, both the shellcode used during vulnerability exploitation and the functional shellcode used in post-exploitation testing. This paper formally describes the relationship between code and data in a program and proposes a general program transformation method based on LLVM (Low Level Virtual Machine) that can be used to implement operating-system-independent code shellification. By building a global data table embedded in the code and adding dynamic relocation code, the technique converts the code's absolute-memory-address accesses to data into relative-address accesses into the code-internal global data table. This restructures the reference relationship between code and data, removes the dependency on the operating system's relocation mechanism during code execution, and makes the generated shellcode position-independent. In the validation experiments, the shellcode generation system built on this technique was functionally tested with project source code of different sizes targeting different operating systems, and functional consistency, file size, function count and run time were compared before and after shellification. The experimental results show that the shellcode generation system based on this technique works correctly and has good compatibility and generality.
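To make the transformation described in the abstract concrete, the following C model (an added example, not the paper's code or its LLVM pass) lays out an image with a code-internal global data table of offsets, moves the image, and shows that offset-based access keeps working while addresses fixed at build time go stale. The image layout and the two sample strings are constructed here for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#define NGLOBALS 2

/* The image: a global data table of offsets (relative to the image start) followed by
 * the data itself, so the blob can be copied anywhere and still resolve its globals. */
typedef struct {
    uint32_t offset[NGLOBALS];
    char     data[32];
} image_t;

/* "Before" form: addresses fixed at build time, modeled here as raw pointers. */
typedef struct { const char *ptr[NGLOBALS]; } absolute_refs_t;

/* Lay out two constant strings (constructed sample data) and record both reference
 * forms for each of them. */
static void build_image(image_t *img, absolute_refs_t *abs) {
    const char *globals[NGLOBALS] = { "hello", "world" };
    uint32_t cursor = (uint32_t)offsetof(image_t, data);
    for (int i = 0; i < NGLOBALS; i++) {
        size_t len = strlen(globals[i]) + 1;
        memcpy((char *)img + cursor, globals[i], len);
        img->offset[i] = cursor;                   /* relative: base + offset */
        abs->ptr[i] = (const char *)img + cursor;  /* absolute: fixed address */
        cursor += (uint32_t)len;
    }
}

/* The dynamic relocation step: the code finds its own base at run time and turns a
 * table offset into a pointer, with no help from the OS loader. */
static const char *resolve(const image_t *base, int i) {
    return (const char *)base + base->offset[i];
}

/* Move the image, wipe the old location (as after being loaded elsewhere), and check
 * which reference form still reaches the intended global. Returns 1 when relative
 * access survives the move and absolute access does not. */
int check_position_independence(void) {
    image_t *orig = calloc(1, sizeof *orig), *moved = calloc(1, sizeof *moved);
    absolute_refs_t abs;
    build_image(orig, &abs);
    memcpy(moved, orig, sizeof *moved);
    memset(orig, 0, sizeof *orig);
    int relative_ok = strcmp(resolve(moved, 0), "hello") == 0 &&
                      strcmp(resolve(moved, 1), "world") == 0;
    int absolute_ok = strcmp(abs.ptr[0], "hello") == 0;  /* stale: old base */
    free(orig); free(moved);
    return relative_ok && !absolute_ok;
}
```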