The Dynamic Buffer Overflow Detection and Prevent ion Tool for Yindows Executables Using Binary Rewr iting

This paper presents novel buffer overflow countermeasure tool for Windows portable executables at run-time. Our tool enables dynamically detecting and preventing of stack-based buffer overflow attacks for Windows applications, using binary rewriting method. Our solution protects the return address area and the previous frame pointer area of function stack frame in program stack to prevent program control flow from being changed at execution time. Protecting the return address and previous frame pointer, we have used additional stack memory area that is called safe-zone, storing original return address and previous frame pointer values. We has revised function prologue and function epilogue. The revised function prologue stores copies of the return address and the previous frame pointer values to our safe-zone, and the revised function epilogue overwrites the return address and the previous frame pointer on the stack with copies of them. The paper presents performance analysis result of our solution. The result shows that the relative performance overhead is about 1.6-2.6% and additional constant space overhead is about 25 Kbytes.