Xiao Xing scite author profile

Xiao Xing

4Publications

60Citation Statements Received

40Citation Statements Given

How they've been cited

How they cite others

Affiliations

National Computer Network Emergency Response Technical Team/Coordination Center of Chinar, Nanjing University, Nanjing University of Science and Technology

Publications

Order By: Most citations

Automatic construction of jump-oriented programming shellcode (on the x86)

Chen

Xing

Mao

et al. 2011

View full text Add to dashboard Cite

Return-Oriented Programming (ROP) is a technique which leverages the instruction gadgets in existing libraries/executables to construct Turing complete programs. However, ROP attack is usually composed with gadgets which are ending in ret instruction without the corresponding call instruction. Based on this fact, several defense mechanisms have been proposed to detect the ROP malicious code. To circumvent these defenses, Return-Oriented Programming without returns has been proposed recently, which uses the gadgets ending in jmp instruction but with much diversity. In this paper, we propose an improved ROP techniques to construct the ROP shellcode without returns. Meanwhile we implement a tool to automatically construct the realworld Return-Oriented Programming without returns shellcode, which as demonstrated in our experiment can bypass most of the existing ROP defenses.

show abstract

Efficient Detection of the Return-Oriented Programming Malicious Code

Chen

Xing

Han

et al. 2010

View full text Add to dashboard Cite

Automatic construction of printable return-oriented programming payload

Ding

Xing

Chen

et al. 2014

View full text Add to dashboard Cite

Return-oriented programming is a kind of codereuse technique for attackers, which is very effective to bypass the DEP defense. However, the instruction snippet (we call it gadget) is often unprintable 1 . This shortcoming can limit the ROP attack to be deployed to practice, since non-ASCII scanning can detect such ROP payload. In this paper, we present a novel method that only uses the printable gadgets, as such it can circumvent the non-ASCII detection. However, this method is non-trival because printable gadgets count for about 10 percents of all the gadgets we can find in existing code(e.g., library or program code). Additionally, not only the gadget address but also data should all be printable in our ROP payload. To construct the printable ROP payload, we propose reverse derivation method to transform original shellcode to printable ROP payload. The transformation is driven by state machines, which indicate the status of data flows. Experimental results show that our method can construct the printable ROP payload that has the same functionality as the real-world malicious shellcode, in addition, the construction process is totally automatic.

show abstract

Reusable and Efficient Polystryrene-supported Acidic Ionic Liquid Catalyst for Mononitration of Aromatic Compounds

Li¹,

Ling²,

Liu³

et al. 2012

Bulletin of the Korean Chemical Society

View full text Add to dashboard Cite

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Xiao Xing

Automatic construction of jump-oriented programming shellcode (on the x86)

Efficient Detection of the Return-Oriented Programming Malicious Code

Automatic construction of printable return-oriented programming payload

Reusable and Efficient Polystryrene-supported Acidic Ionic Liquid Catalyst for Mononitration of Aromatic Compounds

Contact Info

Product

Resources

About