DVE (data virtual execution) technology vs DEP + ASLR + EMET + CFI

Source: Internet
Author: User

The ideas in those two articles from 1997 were, by any measure, ahead of their time. They were written when macro viruses had just broken out and Kingsoft and Jiangmin were thinking about the same problem; in fact, the earlier article refuted some of the articles written by Kingsoft's experts at the time. I have repeatedly cited the two articles and said that many people did not understand them; plenty of experts believed they had understood them and laughed at me. If you work in security, read them and understand them properly. See also the attached piece on finding and using the exception structure to break through overflow protection.

In my understanding, an overflow attack merely alters the program's original flow through an external entry point, and overflow is not the only way to alter a program's flow.

"Interpreted execution is essentially the same as CPU code execution!" "Why do we use pointers to address arrays in C?" "Sometimes a bug can extend our instruction set." With code execution in hand, DVE executes data directly, passing straight through DEP. How can the scripting language's instruction set be extended? What is the essential difference between a scripting language and C or assembly? The scripting language has no pointers. What is the essence of a pointer? An array. From there everything follows naturally.

Remote code execution has to deal with DEP; after one elegant turn, it becomes a situation with no DEP at all. Once I already have local code execution, the question becomes how to escalate privileges (beyond the limits of the virtual machine), and that local code has nothing to do with ASLR. As for CFI: at the time I said that CFI is itself just another virtual machine and was laughed at. Where others fight for EIP, I am fighting for the VIP rather than the EIP. CFI is left scrambling.

The script itself is the executed code, that is, the shellcode. Once DEP has been passed, I use the whole script, which is why it can deal with future versions of Internet Explorer, of the operating system and of the protection measures: the idea is not specific to IE, nor to Windows, nor to x86. A single exploit can easily be used on both x86 and ARM. I have grasped the essence of shellcode from the high-level-language side: I have written shellcode, and my shellcode is a script. It does not live in the same space as any current countermeasure.

Compare that with my own usage: is there a gap? In the whole theory, the array is only one relatively good technical point, and yet today everything relies entirely on arrays, while many people have still not made good use of them.

Two articles from 1997, worth at least 0.5 million USD, and an APT worth at least 5 million USD, explained in a few words for everyone. How to make perfect use of them depends on each person's own creativity. On the question of how to write shellcode: it can be read and written at will. Is it really that simple? Can your shellcode be written generically? Can it keep up as protection capabilities improve in the future?

A colleague of mine simply read insafemode and changed it by one byte; after that he could use the script shellcode directly.

How many alarms are triggered when no new process is loaded and the script simply opens files and sends encrypted messages directly? Can FEYE or China's 0-day anti-DDoS pro protect against that? What if some replay-protection functions are added?

None of the current code-based protection technologies is triggered at all, and EIP is never controlled or changed during the whole process.

The text virus (a new theory of viruses)! At the time it was written merely for fun with viruses; now it reads like a published tutorial on how to defeat DEP.

Many security experts today still believe that the root cause of today's vulnerabilities is that the von Neumann computer architecture does not distinguish data from instructions. The text-virus article already pointed out that there is no essential difference between the computer's instructions and virtual code (data). In fact, the data is the instruction set of the virtual machine, and it can be entirely unrelated to the computer's own instructions.

The data-control attacks in Chen Shuo's thesis are quite special and rare. They also cover these situations, but a scripting environment is more universal, and control is more convenient and stable to achieve there.

The final result is an IE exploit written in it. It was debugged under Win7 + IE8 at the time and still works today without any modifications; it runs on Win9x through Win8.1, IE5 through IE11, and EMET 5.
