Computer Science (计算机科学), 2021, Vol. 48, Issue 4: 288-294. doi: 10.11896/jsjkx.200300151

• Information Security •

Study of Universal Shellcode Generation Technology (通用代码Shell化技术研究)

CHEN Tao (陈涛), SHU Hui (舒辉), XIONG Xiao-bing (熊小兵)

  1. State Key Laboratory of Mathematical Engineering and Advanced Computing, Information Engineering University, Zhengzhou 450001, China
  • Received: 2020-06-24  Revised: 2020-07-06  Online: 2021-04-15  Published: 2021-04-09
  • Corresponding author: SHU Hui (415314938@qq.com)
  • About the authors: CHEN Tao, born in 1992, postgraduate. His main research interests include cyber security and reverse engineering. (498673466@qq.com)
    SHU Hui, born in 1974, Ph.D., professor, Ph.D. supervisor. His main research interests include cyber security and reverse engineering.
  • Supported by: National Key R&D Program of China (2016YFB08011601).

Abstract: Code-to-shellcode transformation (代码Shell化) is a program transformation technique that converts a program from source form into binary form. It can be used to generate shellcode, both the shellcode used during exploitation and the functional shellcode used during post-penetration testing. This paper formally describes the relationship between code and data in a program and proposes a universal program transformation method based on LLVM (Low Level Virtual Machine) that performs the transformation independently of the operating system. By building a global data table inside the code and adding dynamic relocation code, the technique converts the code's accesses to data from absolute memory addresses into relative addresses within the code's own global data table. This reconstructs the reference relationship between code and data, removes the code's dependence on the operating system's relocation mechanism at run time, and makes the generated shellcode position independent. In the validation experiments, a shellcode generation system built on this technique was functionally tested with project source code of different sizes targeting different operating systems, and the functional consistency, file size, number of functions and running time of the code before and after transformation were compared. The results show that the shellcode generation system works correctly and has good compatibility and universality.

Key words: LLVM, Shellcode, Program transformation, Code-to-shellcode transformation, Memory loading
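The core idea in the abstract is that a data reference stored as an absolute address only stays valid where the loader placed it, while a reference stored as an offset from a table that travels with the code stays valid wherever the blob is copied. The following C program is an added illustration of that principle and is not code from the paper or from the authors' LLVM-based system; the two table layouts, the string contents and the function names are constructed for the example. It models only the data side (no code is executed from a buffer): each table is built once, copied to a freshly allocated region as a memory loader would, and then checked to see whether its string reference still lands inside the copy.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define POOL 32

/* Absolute form (constructed for the example): the entry is a real pointer,
 * fixed when the table is built. This stands in for a link-time address that
 * the operating system's relocation mechanism would have to patch. */
typedef struct {
    const char *msg;      /* absolute address of the string */
    char pool[POOL];      /* the string bytes themselves */
} abs_table_t;

/* Relative form (constructed for the example): the entry is an offset from the
 * start of the table, so the table can live at any address. The absolute
 * address is recomputed by the code itself at each use, which is the role of
 * the dynamic relocation code described in the abstract. */
typedef struct {
    uint32_t msg_off;     /* offset of the string inside this table */
    char pool[POOL];
} rel_table_t;

static void build_abs(abs_table_t *t) {
    memset(t, 0, sizeof *t);
    strcpy(t->pool, "hello");                 /* sample data, constructed */
    t->msg = t->pool;                         /* absolute address baked in */
}

static void build_rel(rel_table_t *t) {
    memset(t, 0, sizeof *t);
    strcpy(t->pool, "hello");                 /* sample data, constructed */
    t->msg_off = offsetof(rel_table_t, pool); /* position-independent offset */
}

/* The dynamic relocation step: runtime table base + stored offset. */
static const char *rel_resolve(const rel_table_t *t) {
    return (const char *)t + t->msg_off;
}

/* 1 if address p lies inside the object [base, base+len); compared as
 * integers so pointers into unrelated objects can be tested safely. */
static int inside(const void *p, const void *base, size_t len) {
    uintptr_t a = (uintptr_t)p, b = (uintptr_t)base;
    return a >= b && a < b + len;
}

/* Copy the absolute-form table to a new base address and check whether its
 * reference still points into the copy. It does not: the pointer still names
 * the original table, so the copy is broken without an external fix-up. */
int abs_survives_move(void) {
    abs_table_t orig, *copy = malloc(sizeof *copy);
    if (!copy) return -1;
    build_abs(&orig);
    memcpy(copy, &orig, sizeof *copy);
    int ok = inside(copy->msg, copy, sizeof *copy);   /* expected 0 */
    free(copy);
    return ok;
}

/* Same move for the relative-form table: the offset is resolved against the
 * copy's own base, so the reference follows the copy and the data is intact. */
int rel_survives_move(void) {
    rel_table_t orig, *copy = malloc(sizeof *copy);
    if (!copy) return -1;
    build_rel(&orig);
    memcpy(copy, &orig, sizeof *copy);
    int ok = inside(rel_resolve(copy), copy, sizeof *copy)
          && strcmp(rel_resolve(copy), "hello") == 0;  /* expected 1 */
    free(copy);
    return ok;
}

int main(void) {
    printf("absolute form still valid after move: %d\n", abs_survives_move());
    printf("relative form still valid after move: %d\n", rel_survives_move());
    return 0;
}
```

The same contrast is what separates a normally linked executable, whose data references the loader must relocate, from a blob that carries its own table and computes every data address from its runtime base; from a defender's view it is also why such blobs show up in memory without the usual import or relocation metadata that loaders leave behind.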

CLC number: TP309.5