{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,24]],"date-time":"2025-08-24T01:30:09Z","timestamp":1755999009773,"version":"3.40.3"},"publisher-location":"Cham","reference-count":50,"publisher":"Springer Nature Switzerland","isbn-type":[{"type":"print","value":"9783031708954"},{"type":"electronic","value":"9783031708961"}],"license":[{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"},{"start":{"date-parts":[[2024,1,1]],"date-time":"2024-01-01T00:00:00Z","timestamp":1704067200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springernature.com\/gp\/researchers\/text-and-data-mining"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2024]]},"DOI":"10.1007\/978-3-031-70896-1_7","type":"book-chapter","created":{"date-parts":[[2024,9,5]],"date-time":"2024-09-05T12:03:57Z","timestamp":1725537837000},"page":"130-152","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["TGRop: Top Gun of\u00a0Return-Oriented Programming 
Automation"],"prefix":"10.1007","author":[{"given":"Nanyu","family":"Zhong","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Yueqi","family":"Chen","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-4787-4832","authenticated-orcid":false,"given":"Yanyan","family":"Zou","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Xinyu","family":"Xing","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jinwei","family":"Dong","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Bingcheng","family":"Xian","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jiaxu","family":"Zhao","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Menghao","family":"Li","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Binghong","family":"Liu","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0000-7121-1196","authenticated-orcid":false,"given":"Wei","family":"Huo","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2024,9,6]]},"reference":[{"key":"7_CR1","doi-asserted-by":"publisher","first-page":"1","DOI":"10.1145\/1609956.1609960","volume":"13","author":"M Abadi","year":"2009","unstructured":"Abadi, M., Budiu, M., Erlingsson, U., Ligatti, J.: Control-flow integrity principles, implementations, and applications. ACM Trans. Inf. Syst. Secur. (TISSEC) 13, 1\u201340 (2009)","journal-title":"ACM Trans. Inf. Syst. Secur. 
(TISSEC)"},{"key":"7_CR2","doi-asserted-by":"crossref","unstructured":"Angelini, M., et al.: Visually assisting the creation of ROP-based exploits. In: 2018 IEEE Symposium on Visualization for Cyber Security (VizSec) (2018)","DOI":"10.1109\/VIZSEC.2018.8709204"},{"key":"7_CR3","unstructured":"Angr. Angr github. https:\/\/github.com\/angr\/angr. Last updated on Sept 1 2023"},{"key":"7_CR4","unstructured":"Angrop. Angrop Github. https:\/\/github.com\/angr\/angrop. Last updated on Mar 23 2024"},{"key":"7_CR5","doi-asserted-by":"crossref","unstructured":"Bosman, E., Bos, H.: Framing signals-a return to portable shellcode. In: 2014 IEEE Symposium on Security and Privacy. IEEE (2014)","DOI":"10.1109\/SP.2014.23"},{"key":"7_CR6","doi-asserted-by":"crossref","unstructured":"Burow, N., et al.: Control-flow integrity: precision, security, and performance. ACM Comput. Surv. (CSUR) (2017)","DOI":"10.1145\/3054924"},{"key":"7_CR7","doi-asserted-by":"crossref","unstructured":"Cha, S.K., Avgerinos, T., Rebert, A., Brumley, D.: Unleashing mayhem on binary code. In: 2012 IEEE Symposium on Security and Privacy (2012)","DOI":"10.1109\/SP.2012.31"},{"key":"7_CR8","unstructured":"Chen, K., Zhang, C., Yin, T., Chen, X., Zhao, L.: VScape: assessing and escaping virtual call protections. In: 30th USENIX Security Symposium (USENIX Security 21), pp. 1719\u20131736 (2021)"},{"key":"7_CR9","doi-asserted-by":"crossref","unstructured":"Cloosters, T., et al.: RiscyROP: automated return-oriented programming attacks on RISC-V and ARM64. In: Proceedings of the 25th International Symposium on Research in Attacks, Intrusions and Defenses (2022)","DOI":"10.1145\/3545948.3545997"},{"key":"7_CR10","unstructured":"DeMarinis, N., Williams-King, K., Jin, D., Fonseca, R., Kemerlis, V.P.: Sysfilter: automated system call filtering for commodity software. 
In: 23rd International Symposium on Research in Attacks, Intrusions and Defenses (RAID 2020) (2020)"},{"key":"7_CR11","unstructured":"Esser, S.: Utilizing Code Reuse\/ROP in PHP Application Exploits. BlackHat USA (2010)"},{"key":"7_CR12","unstructured":"GCC. GCC 11.1.0 Optimize Options. https:\/\/gcc.gnu.org\/onlinedocs\/gcc-11.1.0\/gcc\/Optimize-Options.html#:~:text=-fzero-call-used-regs%3Dchoice. Last updated on Apr 27 2021"},{"key":"7_CR13","unstructured":"GDB. GDB: The GNU Project Debugger. https:\/\/www.sourceware.org\/gdb\/. Last updated on Mar 14 2024"},{"key":"7_CR14","unstructured":"Godefroid, P., Levin, M.Y., Molnar, D.A., et\u00a0al.: Automated whitebox fuzz testing. In: NDSS (2008)"},{"key":"7_CR15","doi-asserted-by":"crossref","unstructured":"Honap, A.M., Lee, W.: Hiding Kernel level rootkits using buffer overflow and return oriented programming. In: Information Systems Security: 13th International Conference, ICISS 2017 (2017)","DOI":"10.1007\/978-3-319-72598-7_7"},{"key":"7_CR16","doi-asserted-by":"crossref","unstructured":"Hu, H., Shinde, S., Adrian, S., Chua, Z.L., Saxena, P., Liang, Z.: Data-oriented programming: on the expressiveness of non-control data attacks. In: 2016 IEEE Symposium on Security and Privacy (SP), pp. 969\u2013986. IEEE (2016)","DOI":"10.1109\/SP.2016.62"},{"key":"7_CR17","unstructured":"Hund, R., Holz, T., Freiling, F.C.: Bypassing kernel code integrity protection mechanisms. In: USENIX Security Symposium, Return-Oriented Rootkits (2009)"},{"key":"7_CR18","doi-asserted-by":"crossref","unstructured":"Ispoglou, K.K., AlBassam, B., Jaeger, T., Payer, M.: Block oriented programming: automating data-only attacks. 
In: Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security (2018)","DOI":"10.1145\/3243734.3243739"},{"key":"7_CR19","doi-asserted-by":"crossref","unstructured":"Li, Y., Wang, M., Zhang, C., Chen, X., Yang, S., Liu, Y.: Finding cracks in shields: on the security of control flow integrity mechanisms. In: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security (2020)","DOI":"10.1145\/3372297.3417867"},{"key":"7_CR20","unstructured":"Linux. Linux kernel 5.15 hardening. https:\/\/lkml.iu.edu\/hypermail\/linux\/kernel\/2108.3\/06332.html. Last updated on Aug 30 2021"},{"key":"7_CR21","unstructured":"LLVM. clang 15.0.0 Release Notes. https:\/\/releases.llvm.org\/15.0.0\/tools\/clang\/docs\/ReleaseNotes.html#major-new-features. Last updated on Feb 10 2023"},{"key":"7_CR22","unstructured":"Alexey\u00a0Nurmukhametov M\u00a0Ramdhan. Exrop Github. https:\/\/github.com\/d4em0n\/exrop. Last updated on Feb 21 2020"},{"key":"7_CR23","unstructured":"Marco-Gisbert, H., Ripoll, I.: Return-to-CSU: a new method to bypass 64-bit Linux ASLR. In: Black Hat Asia 2018 (2018)"},{"key":"7_CR24","unstructured":"Molinyawe, M., Hariri, A.-A., Spelman, J.: From Browser to System Compromise. Pwn2Own 2016 (2016)"},{"key":"7_CR25","doi-asserted-by":"crossref","unstructured":"Mortimer, T.: Removing ROP Gadgets from OpenBSD. In: Proceedings of the AsiaBSDCon (2019)","DOI":"10.25263\/asiabsdcon2019\/p01b"},{"key":"7_CR26","unstructured":"OpenBSD. OpenBSD 6.3 Changelog. https:\/\/www.openbsd.org\/63.html. Accessed 06 May 2020"},{"key":"7_CR27","unstructured":"OpenBSD. OpenBSD 6.4 Changelog. https:\/\/www.openbsd.org\/64.html. Last updated on Oct 08 2021"},{"key":"7_CR28","unstructured":"OpenBSD. OpenBSD 6.5 Changelog. https:\/\/www.openbsd.org\/65.html. Last updated on Mar 15 2021"},{"key":"7_CR29","unstructured":"OpenSSH. OpenSSH 9.0 Release. https:\/\/www.openssh.com\/txt\/release-9.0. 
Last updated on Apr 08 2022"},{"key":"7_CR30","unstructured":"Project Zero. Over The Air: Exploiting Broadcom\u2019s Wi-Fi Stack. https:\/\/googleprojectzero.blogspot.com\/2017\/04\/over-air-exploiting-broadcoms-wi-fi_11.html. Last updated on Apr 11 2017"},{"key":"7_CR31","unstructured":"Qais\u00a0Temeiza, D.O.: Breaking Bootloaders on the Cheap. Blackhat Europe (2019)"},{"key":"7_CR32","unstructured":"ROPgadget. ROPgadget Github. https:\/\/github.com\/JonathanSalwan\/ROPgadget. Last updated on Sep 1, 2023"},{"key":"7_CR33","unstructured":"Ropium. Ropium Github. https:\/\/github.com\/Boyan-MILANOV\/ropium. Last updated on Jan 10, 2022"},{"key":"7_CR34","unstructured":"Ropium. Ropium speech. https:\/\/www.youtube.com\/watch?v=rz7Z9fBLVs0&ab_channel=GreHack. Last updated on November 16, 2018"},{"key":"7_CR35","unstructured":"Ropper. Ropper Github. https:\/\/github.com\/sashs\/Ropper. Last updated on Jan 12, 2024"},{"key":"7_CR36","unstructured":"Moritz Schloegel. SGC Github. https:\/\/github.com\/RUB-SysSec\/gadget_synthesis. Last updated on Sep 1, 2023"},{"key":"7_CR37","doi-asserted-by":"crossref","unstructured":"Schloegel, M., Blazytko, T., Basler, J., Hemmer, F., Holz, T.: Towards automating code-reuse attacks using synthesized gadget chains. In: Computer Security\u2013ESORICS 2021: 26th European Symposium on Research in Computer Security (2021)","DOI":"10.1007\/978-3-030-88418-5_11"},{"key":"7_CR38","doi-asserted-by":"crossref","unstructured":"Schuster, F., Tendyck, T., Liebchen, C., Davi, L., Sadeghi, A.R., Holz, T.: Counterfeit object-oriented programming: on the difficulty of preventing code reuse attacks in C++ applications. In: 2015 IEEE Symposium on Security and Privacy. IEEE (2015)","DOI":"10.1109\/SP.2015.51"},{"key":"7_CR39","unstructured":"Schwartz, E.J., Avgerinos, T., Brumley, D.: Q: exploit hardening made easy. 
In: USENIX Security Symposium (2011)"},{"key":"7_CR40","doi-asserted-by":"crossref","unstructured":"Schwartz, E.J., Cohen, C.F., Gennari, J.S., Schwartz, S.M.: A generic technique for automatically finding defense-aware code reuse attacks. In: Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security (2020)","DOI":"10.1145\/3372297.3417234"},{"key":"7_CR41","doi-asserted-by":"crossref","unstructured":"Shacham, H.: The geometry of innocent flesh on the bone: return-into-libc without function calls (on the x86). In: Proceedings of the 14th ACM conference on Computer and communications security (2007)","DOI":"10.1145\/1315245.1315313"},{"key":"7_CR42","doi-asserted-by":"crossref","unstructured":"van\u00a0der Veen, V., Andriesse, D., Stamatogiannakis, M., Chen, X., Bos, H., Giuffrida, C.: The dynamics of innocent flesh on the bone: code reuse ten years later. In: Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security, pp. 1675\u20131689 (2017)","DOI":"10.1145\/3133956.3134026"},{"key":"7_CR43","unstructured":"Vanegue, J., Heelan, S., Rolles, R.: SMT solvers in software security. WOOT (2012)"},{"key":"7_CR44","unstructured":"Vishnyakov, A.: ROP-benchmark Github. https:\/\/github.com\/ispras\/rop-benchmark. Last updated on Sep 1, 2023"},{"key":"7_CR45","doi-asserted-by":"crossref","unstructured":"Nurmukhametov, A.R., Vishnyakov, A.V.: Survey of methods for automated code-reuse exploit generation. Program. Comput. Software (2021)","DOI":"10.1134\/S0361768821040071"},{"key":"7_CR46","unstructured":"Wu, W., Chen, Y., Xing, X., Zou, W.: KEPLER: facilitating control-flow hijacking primitive evaluation for linux kernel vulnerabilities. In: 28th USENIX Security Symposium (USENIX Security) (2019)"},{"key":"7_CR47","doi-asserted-by":"crossref","unstructured":"Xu, J., Di\u00a0Bartolomeo, L., Toffalini, F., Mao, B., Payer, M.: Warpattack: bypassing CFI through compiler-introduced double-fetches. 
In: 2023 IEEE Symposium on Security and Privacy (SP), pp. 1271\u20131288. IEEE (2023)","DOI":"10.1109\/SP46215.2023.10179433"},{"key":"7_CR48","unstructured":"Z3. Z3 Github. https:\/\/github.com\/Z3Prover\/z3. Last updated on Sep 1, 2023"},{"key":"7_CR49","unstructured":"Qing Zhao. Security Improvements in GCC 11 and GCC 12. https:\/\/lpc.events\/event\/11\/contributions\/1001\/attachments\/882\/1690\/LPC_security_gcc_temp.pdf. Last updated on Sep 20 2021"},{"key":"7_CR50","unstructured":"ZoEplA. TGRop Github. https:\/\/github.com\/ZoEplA\/TGRop. Last updated on Oct 17, 2023"}],"container-title":["Lecture Notes in Computer Science","Computer Security \u2013 ESORICS 2024"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-031-70896-1_7","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2024,9,5]],"date-time":"2024-09-05T12:07:51Z","timestamp":1725538071000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-031-70896-1_7"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2024]]},"ISBN":["9783031708954","9783031708961"],"references-count":50,"URL":"https:\/\/doi.org\/10.1007\/978-3-031-70896-1_7","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2024]]},"assertion":[{"value":"6 September 2024","order":1,"name":"first_online","label":"First Online","group":{"name":"ChapterHistory","label":"Chapter History"}},{"value":"ESORICS","order":1,"name":"conference_acronym","label":"Conference Acronym","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"European Symposium on Research in Computer Security","order":2,"name":"conference_name","label":"Conference Name","group":{"name":"ConferenceInfo","label":"Conference 
Information"}},{"value":"Bydgoszcz","order":3,"name":"conference_city","label":"Conference City","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"Poland","order":4,"name":"conference_country","label":"Conference Country","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"2024","order":5,"name":"conference_year","label":"Conference Year","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"16 September 2024","order":7,"name":"conference_start_date","label":"Conference Start Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"20 September 2024","order":8,"name":"conference_end_date","label":"Conference End Date","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"29","order":9,"name":"conference_number","label":"Conference Number","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"esorics2024","order":10,"name":"conference_id","label":"Conference ID","group":{"name":"ConferenceInfo","label":"Conference Information"}},{"value":"https:\/\/esorics2024.org","order":11,"name":"conference_url","label":"Conference URL","group":{"name":"ConferenceInfo","label":"Conference Information"}}]}}