通用代码Shell化技术研究

Study of Universal Shellcode Generation Technology

代码Shell化技术是一种实现程序从源码形态到二进制形态的程序变换技术。该技术可用于实现Shellcode生成,生成包括漏洞利用过程中的Shellcode及后渗透测试过程中的功能性Shellcode。文中形式化地描述了程序中代码与数据的关系,提出了一种基于LLVM(Low Level Virtual Machine)的通用程序变换方法,该方法可用于实现操作系统无关的代码Shell化。该技术通过构建代码内置全局数据表和添加动态重定位代码,将代码对数据的绝对内存地址访问转化为对代码内部全局数据表的相对地址访问,重构了代码与数据之间的引用关系,解决了代码执行过程中对操作系统重定位机制依赖的问题,使得生成的Shellcode代码具有位置无关特性。在验证实验中,使用适用于不同操作系统的不同规模的工程源码对基于该技术实现的Shellcode生成系统进行了功能测试,并对比了Shell化前后代码功能的一致性、文件大小、函数数量和运行时间,实验结果表明基于该技术的Shellcode生成系统功能正常,具有较好的兼容性和通用性。

Shellcode generation technology is a program transformation technology that transforms programs from source form to binary form.This technology can be used to implement Shellcode generation,including Shellcode used in exploitation and functional Shellcode used in post-penetration period.This paper formally describes the relationship between code and data in the program and proposes a LLVM-based program transformation technology,which can be used to generate system-independent Shellcode.By constructing a built-in global data table and adding dynamic relocation code,this technology converts the access form of the code to the data from absolute memory address to relative memory address,eliminates the dependence of the relocation mechanism provided by operating system during code execution,and makes the generated Shellcode have good position-independent characteristics.In the experimental part,we test the function of our shellcode generation system based on this technology with different source code of different sizes under different operating systems.We also compare the consistency of the code function before and after the shellcode generation,as well as the file size,number of functions and execution time.Experiment results show that the shellcode generation system functions normally and has strong compatibility and versatility.