{"id":477439,"date":"2023-08-09T09:14:50","date_gmt":"2023-08-09T09:14:50","guid":{"rendered":""},"modified":"2023-09-05T11:14:42","modified_gmt":"2023-09-05T11:14:42","slug":"heap-spraying","status":"publish","type":"wiki","link":"https:\/\/oneproxy.pro\/jp\/wiki\/heap-spraying\/","title":{"rendered":"Heap Spraying"},"content":{"rendered":"<p>Heap spraying is a technique widely used in the world of computer exploitation. It primarily involves flooding a region of a process's heap memory with shellcode, increasing the likelihood that arbitrary code is executed when a vulnerability such as a buffer overflow is exploited.<\/p>\n<h2>The History of Heap Spraying and Its First Mention<\/h2>\n<p>Heap spraying first came to public attention in a security paper written by Matt Conover and Oded Horovitz, titled \"Heap Spraying: A Technique to Counter Common Security Measures\", published in the early 2000s. Its inception was driven by the growing implementation of security mechanisms designed to randomize the address space of a running process, which made it harder for attackers to predict where shellcode would be located in memory.<\/p>\n<h2>Expanding the Topic: Heap Spraying<\/h2>\n<p>Heap spraying is used primarily to exploit memory corruption vulnerabilities. Its goal is to manipulate a process's heap so that the attacker's shellcode is spread across a large segment of the process's memory. This is done by creating multiple objects or instances in the heap, each holding a copy of the desired shellcode.<\/p>\n<p>This technique is often used in combination with other exploits that allow arbitrary code execution. The problem with these exploits, however, is that they often require knowledge of the exact memory location of the code to be executed, and various security measures can make that location difficult to determine. Heap spraying solves this problem by filling a significant portion of the heap with the desired shellcode, statistically increasing the chance that the exploit triggers execution of that code.<\/p>\n<h2>The Internal Structure of Heap Spraying<\/h2>\n<p>Heap spraying works through a two-step process:<\/p>\n<ol>\n<li>\n<p><strong>Spray<\/strong>: The heap memory is filled with multiple instances of the desired shellcode. This is done by creating objects or instances that carry the shellcode, which are allocated at different memory addresses in the heap.<\/p>\n<\/li>\n<li>\n<p><strong>Trigger<\/strong>: A vulnerability is exploited to execute arbitrary code. Because the memory has been filled with instances of the shellcode, the likelihood that the executed code is the attacker's shellcode is significantly increased.<\/p>\n<\/li>\n<\/ol>\n<h2>Key Features of Heap Spraying<\/h2>\n<p>The key features of heap spraying are:<\/p>\n<ul>\n<li>It is largely payload-agnostic, so it can be used to execute virtually any kind of shellcode.<\/li>\n<li>It significantly increases the probability of successful code execution when a vulnerability is exploited.<\/li>\n<li>It bypasses certain security measures, such as address space layout randomization (ASLR), because it does not require knowledge of exact memory addresses.<\/li>\n<\/ul>\n<h2>Types of Heap Spraying<\/h2>\n<p>There are several variations of heap spraying, each differing in the method used to spray the heap. Some of them are listed below.<\/p>\n<table>\n<thead>\n<tr>\n<th>Heap Spraying Type<\/th>\n<th>Description<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>Classic Heap Spraying<\/strong><\/td>\n<td>Repeatedly allocates memory blocks, each containing the shellcode.<\/td>\n<\/tr>\n<tr>\n<td><strong>Sequential Heap Spraying<\/strong><\/td>\n<td>Allocates a large block of memory and fills it with the shellcode.<\/td>\n<\/tr>\n<tr>\n<td><strong>NOP-sled Heap Spraying<\/strong><\/td>\n<td>Uses a NOP sled (a sequence of no-operation instructions) before the shellcode to increase the success rate.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>Ways to Use Heap Spraying, Problems, and Solutions<\/h2>\n<p>Heap spraying is used primarily in security exploitation, specifically to exploit memory corruption vulnerabilities. It is particularly potent when combined with vulnerabilities that allow arbitrary code execution.<\/p>\n<p>However, heap spraying is not without its challenges. One problem is that the technique becomes easier to detect as the heap size grows. Another is the increasing deployment of exploit mitigations such as ASLR and DEP (Data Execution Prevention), which make it harder to execute shellcode from the heap.<\/p>\n<p>To overcome these challenges, attackers may resort to more sophisticated heap spraying methods, such as JIT spraying, which leverages just-in-time compilers to make the heap executable. Security practitioners, for their part, must continually improve existing mitigations and develop new ones.<\/p>\n<h2>Main Characteristics and Comparisons with Similar Terms<\/h2>\n<p>Heap spraying is often compared and contrasted with similar exploitation techniques such as stack smashing and return-oriented programming (ROP).<\/p>\n<table>\n<thead>\n<tr>\n<th>Technique<\/th>\n<th>Description<\/th>\n<th>Similarities\/Differences with Heap Spraying<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td><strong>Stack Smashing<\/strong><\/td>\n<td>Corrupts the stack to alter program execution.<\/td>\n<td>Unlike heap spraying, stack smashing requires knowledge of the exact memory layout.<\/td>\n<\/tr>\n<tr>\n<td><strong>Return-Oriented Programming (ROP)<\/strong><\/td>\n<td>Uses existing code snippets (gadgets) to perform malicious actions.<\/td>\n<td>ROP, like heap spraying, can bypass DEP, but it does not require filling memory with shellcode.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>Future Perspectives and Technologies Related to Heap Spraying<\/h2>\n<p>Heap spraying remains a threat, but more effective mitigation strategies are expected in the future. Techniques such as control-flow integrity (CFI) and improved ASLR will make vulnerabilities harder to exploit. In addition, machine learning and AI algorithms could be used to better detect anomalous behavior in the heap.<\/p>\n<p>At the same time, as technology advances, attackers may turn to more advanced techniques such as JIT spraying and use-after-free vulnerabilities, which present challenges of their own.<\/p>\n<h2>Proxy Servers and Heap Spraying<\/h2>\n<p>Proxy servers are not directly associated with heap spraying, but they can play a role in both the perpetration and the mitigation of attacks that use it.<\/p>\n<p>From an attacker's perspective, a proxy server can be used to hide the attacker's location and make the attack harder to trace. On the defensive side, a proxy server can form part of a larger security infrastructure, logging traffic data for analysis, which helps detect anomalous behavior and potential exploits at an early stage.<\/p>\n<h2>Related Links<\/h2>\n<p>For more information on heap spraying and related topics, see the following resources:<\/p>\n<ul>\n<li>Conover, M., and Horovitz, O. (2004). Heap Spraying: A Technique to Counter Common Security Measures. Security paper.<\/li>\n<li>\"Heap Spraying\" by OWASP (Open Web Application Security Project): <a href=\"https:\/\/www.owasp.org\/index.php\/Heap_spraying\" target=\"_new\" rel=\"noopener nofollow\">https:\/\/www.owasp.org\/index.php\/Heap_spraying<\/a><\/li>\n<li>\"Memory Safety\" by Mozilla Developer Network (MDN): <a href=\"https:\/\/developer.mozilla.org\/en-US\/docs\/Memory_safety\" target=\"_new\" rel=\"noopener nofollow\">https:\/\/developer.mozilla.org\/en-US\/docs\/Memory_safety<\/a><\/li>\n<li>\"Exploit Mitigation Improvements in Windows 8\" by Microsoft Security Response Center (MSRC): <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/en-us\/\" target=\"_new\" rel=\"noopener nofollow\">https:\/\/msrc.microsoft.com\/update-guide\/en-us\/<\/a><\/li>\n<\/ul>\n<p>Note that a thorough understanding of heap spraying and similar techniques requires solid knowledge of computer memory management and programming languages. Always keep up to date with the latest security measures and mitigation strategies.<\/p>","protected":false},"featured_media":468529,"menu_order":0,"template":"","meta":{"_acf_changed":false,"content-type":"","inline_featured_image":false,"footnotes":""},"class_list":["post-477439","wiki","type-wiki","status-publish","has-post-thumbnail","hentry"],"acf":{"faq_title":"Frequently Asked Questions about <mark>Heap Spraying: A Detailed Analysis<\/mark>","faq_items":[{"question":"What is Heap Spraying?","answer":"<p>Heap Spraying is a technique used in computer exploitation. It involves flooding a region of a process's heap memory with shellcode to increase the likelihood of executing arbitrary code when vulnerabilities are exploited.<\/p>"},{"question":"Who first introduced Heap Spraying?","answer":"<p>Heap spraying was first introduced in a security paper written by Matt Conover and Oded Horovitz, published in the early 2000s.<\/p>"},{"question":"How does Heap Spraying work?","answer":"<p>Heap spraying functions through a two-step process: the Spray and the Trigger. During the spray, the heap memory is filled with multiple instances of the desired shellcode. The trigger is then used to exploit a vulnerability, executing arbitrary code. 
Since the memory has been filled with instances of the shellcode, the likelihood that the executed code will be the attacker's shellcode is significantly increased.<\/p>"},{"question":"What are some key features of Heap Spraying?","answer":"<p>Heap spraying is payload-agnostic, it increases the probability of successful code execution, and it bypasses certain security measures like address space layout randomization (ASLR) by not requiring knowledge of exact memory addresses.<\/p>"},{"question":"What are the types of Heap Spraying?","answer":"<p>Heap spraying can be divided into types based on the methods used to spray the heap, including Classic Heap Spraying, Sequential Heap Spraying, and NOP-sled Heap Spraying.<\/p>"},{"question":"What problems are associated with Heap Spraying and how can they be solved?","answer":"<p>As heap size increases, heap spraying becomes more detectable and mitigation techniques like ASLR and DEP make executing shellcode from the heap more difficult. To overcome these challenges, attackers may resort to more sophisticated methods of heap spraying, such as JIT spraying. On the defensive side, constant improvement and development of new mitigation techniques are necessary.<\/p>"},{"question":"How do Heap Spraying and Proxy Servers relate?","answer":"<p>While proxy servers themselves are not directly associated with heap spraying, they can play a role in both the perpetration and mitigation of attacks that use heap spraying. 
Proxy servers can be used by attackers to hide their location and by defenders to log traffic data for analysis, which can help in detecting potential exploits.<\/p>"},{"question":"What are some resources for further information about Heap Spraying?","answer":"<p>Resources include security papers such as \"Heap Spraying: A Technique to Counter Common Security Measures\" by Conover and Horovitz, OWASP, Mozilla Developer Network (MDN), and the Microsoft Security Response Center (MSRC).<\/p>"}]},"_links":{"self":[{"href":"https:\/\/oneproxy.pro\/jp\/wp-json\/wp\/v2\/wiki\/477439","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/oneproxy.pro\/jp\/wp-json\/wp\/v2\/wiki"}],"about":[{"href":"https:\/\/oneproxy.pro\/jp\/wp-json\/wp\/v2\/types\/wiki"}],"version-history":[{"count":0,"href":"https:\/\/oneproxy.pro\/jp\/wp-json\/wp\/v2\/wiki\/477439\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/oneproxy.pro\/jp\/wp-json\/wp\/v2\/media\/468529"}],"wp:attachment":[{"href":"https:\/\/oneproxy.pro\/jp\/wp-json\/wp\/v2\/media?parent=477439"}],"curies":[{"name":"\u3046\u30fc\u3093","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}