Abstract: As the promotion of the idea of return-oriented programming (ROP)，programs will face many new kinds of challenges from virus programs. With fine granularity, covert virus features, deliberate and sophisticated construction and rare static characteristics, ROP attack can circumvent many traditional defending measures. Under this circum- stances,it's imperative to discover the dynamic features of ROP attack program,identify its characteristics and defend it when it is executed. At this time, introducing the technology of dynamic binary instrumentation provides powerful sup- port for dynamic analysis of ROP attack. We introduced a defending measure to ROP attack with the help of DBI tech- nology. I3y identifying malicious program execution flow and restricting the call specification of libraries, we detected ROP attack. Furthermore, we designed an extensible defending framework over ROP attack to prove the generality and portability of our detect tool.

Key words: Return-oriented programming,Dynamic binary instrumentation,Programming security,Characteristic detec tion,hurning-complctc,Control flow