Name
Abstract | ||
|---|---|---|
We demonstrate that automated, architecture-independent gadget search is possible. Gadgets are code fragments which can be used to build unintended programs from existing code in memory. Our contribution is a framework of algorithms capable of locating a Turing-complete gadget set. Translating machine code into an intermediate language allows our framework to be used for many different CPU architectures with minimal architecture-dependent adjustments. We define the paradigm of free-branch instructions to succinctly capture which gadgets will be found by our framework and investigate side effects of the gadgets produced. Furthermore we discuss architectural idiosyncrasies for several widely spread CPU architectures and how they need to be taken into account by the generic algorithms when locating gadgets. |
Year | Venue | Keywords |
|---|---|---|
2010 | WOOT | architectural idiosyncrasy,architecture-independent gadget search,intermediate language,Turing-complete gadget set,CPU architecture,different CPU architecture,code fragment,free-branch instruction,Translating machine code,automated architecture-independent gadget search,generic algorithm |
DocType | Citations | PageRank |
Conference | 24 | 1.60 |
References | Authors | |
4 | 3 | |
Name | Order | Citations | PageRank |
|---|---|---|---|
| Thomas Dullien | 1 | 29 | 2.40 |
| Tim Kornau | 2 | 24 | 1.60 |
| Ralf-Philipp Weinmann | 3 | 308 | 20.88 |