Talk:Return-oriented programming

This is the talk page for discussing improvements to the Return-oriented programming article.
This is not a forum for general discussion of the article's subject.

Put new text under old text. Click here to start a new topic.
New to Wikipedia? Welcome! Learn to edit; get help.

Article policies

Find sources: Google (books · news · scholar · free images · WP refs) · FENS · JSTOR · TWL

Computing: Software / CompSci Low‑importance

This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.ComputingWikipedia:WikiProject ComputingTemplate:WikiProject ComputingComputing articles

Low

This article has been rated as Low-importance on the project's importance scale.

This article is supported by WikiProject Software (assessed as Low-importance).

This article is supported by WikiProject Computer science (assessed as Mid-importance).

Things you can help WikiProject Computer science with:

Here are some tasks awaiting attention:

Article requests :
- Requested articles/Applied arts and sciences/Computer science, computing, and Internet
Cleanup :
- Computer science articles needing attention
- Computer science articles needing expert attention
Copyedit :
- Computing
Expand :
- Computer science
Infobox :
- Computer science articles without infoboxes
Maintain :
- Timeline of computing 2020–present
Photo :
- Find pictures for the biographies of computer scientists (see List of computer scientists)
- Computing articles needing images
Stubs :
- Computer science stubs
Unreferenced :
- WikiProject Computer science/Unreferenced BLPs
Project-related :
- Tag all relevant articles in Category:Computer science and sub-categories with {{WikiProject Computer science}}

Computer Security: Computing High‑importance

This article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.Computer SecurityWikipedia:WikiProject Computer SecurityTemplate:WikiProject Computer SecurityComputer Security articles

High

This article has been rated as High-importance on the project's importance scale.

This article is supported by WikiProject Computing.

Things you can help WikiProject Computer Security with:

Article alerts will be generated shortly by AAlertBot. Please allow some days for processing. More information...

Answer question about Same-origin_policy
Review importance and quality of existing articles
Identify categories related to Computer Security
Tag related articles
Identify articles for creation (see also: Article requests)
Identify articles for improvement
Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc.
Find editors who have shown interest in this subject and ask them to take a look here.

Unnamed section #1[edit]

An early example: http://archives.neohapsis.com/archives/bugtraq/2000-05/0085.html 72.235.236.112 (talk) 17:41, 10 February 2010 (UTC)[reply]

Unnamed section #2[edit]

The kBouncer section needs an edit. The original kBouncer paper that was submitted to the Microsoft BlueHat competition did have a weakness in that it couldn't handle Jump-Oriented Programming. A more recent version of the system can actually detect JOP by looking for gadgets tied together with indirect branches. See the USENIX 2013 paper for details (https://www.usenix.org/conference/usenixsecurity13/technical-sessions/paper/pappas). — Preceding unsigned comment added by 68.33.1.247 (talk) 03:08, 27 March 2014 (UTC)[reply]

About KBouncer[edit]

KBouncer isn't heavy, it's the most light one it use the LBR stack to detect the gadgets before a Windows API call — Preceding unsigned comment added by 41.200.4.171 (talk) 23:17, 7 July 2015 (UTC)[reply]

Until the late 1990s, major operating systems did not offer any protection against these attacks; Microsoft Windows provided no buffer-overrun protections until 2004.[edit]

Begs the questions "Which major operating systems offered protection against buffer overrun attacks in the late 1990s?" and "What methods were used", and "What is a MAJOR operating system?" — Preceding unsigned comment added by 203.206.162.148 (talk) 07:14, 15 October 2015 (UTC)[reply]

Might be a good idea to merge this with Return to libc attack[edit]

https://en.wikipedia.org/wiki/Return-to-libc_attack

Return to libc attack is a specific usage of return oriented programming attack that doesnt have too many specifics to be a separate page. — Preceding unsigned comment added by Tetranoir (talk • contribs) 08:26, 9 April 2016 (UTC)[reply]

Nice history![edit]

Thank you author(s) for sharing this nice history on ROP. — Preceding unsigned comment added by Chintubrass (talk • contribs) 18:15, 28 March 2019 (UTC)[reply]

Function Level ASLR[edit]

Should we include a section about function level ASLR like: https://github.com/immunant/selfrando — Preceding unsigned comment added by Jgowdy (talk • contribs) 20:50, 29 January 2021 (UTC)[reply]

So... it has a name[edit]

so, using the stack to control the logic of a program has a name, but it is a valid programming technique especially when programming without RAM on some 8bit computers, it isn't only for breaching security. 120.21.9.209 (talk) 02:16, 12 June 2023 (UTC)[reply]

"The rise of 64-bit x86 processors brought with it a change to the subroutine calling convention that required the first argument to a function to be passed in a register instead of on the stack."[edit]

This does not seem a complete thought; if it is supposed to be one, it is not true. Instead, I think that this needs some sort of context to make it true, though I cannot image what it might be. 128.186.121.11 (talk) 20:27, 12 July 2023 (UTC)[reply]