# 8. Academic Papers

- [8.1 The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86)](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.1_ret2libc_without_calls.md)
- [8.2 Return-Oriented Programming without Returns](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.2_rop_without_ret.md)
- [8.3 Return-Oriented Rootkits: Bypassing Kernel Code Integrity Protection Mechanisms](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.3_rop_rootkits.md)
- [8.4 ROPdefender: A Detection Tool to Defend Against Return-Oriented Programming Attacks](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.4_ropdefender.md)
- [8.5 Data-Oriented Programming: On the Expressiveness of Non-Control Data Attacks](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.5_dop.md)
- [8.7 What Cannot Be Read, Cannot Be Leveraged? Revisiting Assumptions of JIT-ROP Defenses](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.7_jit-rop_defenses.md)
- [8.9 Symbolic Execution for Software Testing: Three Decades Later](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.9_symbolic_execution.md)
- [8.10 AEG: Automatic Exploit Generation](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.10_aeg.md)
- [8.11 Address Space Layout Permutation (ASLP): Towards Fine-Grained Randomization of Commodity Softwa](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.11_aslp.md)
- [8.13 New Frontiers of Reverse Engineering](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.13_reverse_engineering.md)
- [8.14 Who Allocated My Memory? Detecting Custom Memory Allocators in C Binaries](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.14_detecting_memory_allocators.md)
- [8.21 Micro-Virtualization Memory Tracing to Detect and Prevent Spraying Attacks](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.21_tracing_to_detect_spraying.md)
- [8.22 Practical Memory Checking With Dr. Memory](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.22_memory_checking.md)
- [8.23 Evaluating the Effectiveness of Current Anti-ROP Defenses](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.23_current_anti-rop.md)
- [8.24 How to Make ASLR Win the Clone Wars: Runtime Re-Randomization](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.24_runtime_re-randomization.md)
- [8.25 (State of) The Art of War: Offensive Techniques in Binary Analysis](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.25_angr.md)
- [8.26 Driller: Augmenting Fuzzing Through Selective Symbolic Execution](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.26_driller.md)
- [8.27 Firmalice - Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.27_firmalice.md)
- [8.28 Cross-Architecture Bug Search in Binary Executables](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.28_cross_arch_bug.md)
- [8.29 Dynamic Hooks: Hiding Control Flow Changes within Non-Control Data](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.29_dynamic_hooks.md)
- [8.30 Preventing brute force attacks against stack canary protection on networking servers](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.30_prevent_brute_force_canary.md)
- [8.33 Under-Constrained Symbolic Execution: Correctness Checking for Real Code](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.33_ucklee.md)
- [8.34 Enhancing Symbolic Execution with Veritesting](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.34_veritesting.md)
- [8.38 TaintEraser: Protecting Sensitive Data Leaks Using Application-Level Taint Tracking](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.38_tainteraser.md)
- [8.39 DART: Directed Automated Random Testing](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.39_dart.md)
- [8.40 EXE: Automatically Generating Inputs of Death](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.40_exe.md)
- [8.41 IntPatch: Automatically Fix Integer-Overflow-to-Buffer-Overflow Vulnerability at Compile-Time](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.41_intpatch.md)
- [8.42 Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.42_taintcheck.md)
- [8.43 DTA++: Dynamic Taint Analysis with Targeted Control-Flow Propagation](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.43_dta++.md)
- [8.44 Superset Disassembly: Statically Rewriting x86 Binaries Without Heuristics](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.44_multiverse.md)
- [8.45 Ramblr: Making Reassembly Great Again](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.45_ramblr.md)
- [8.46 FreeGuard: A Faster Secure Heap Allocator](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.46_freeguard.md)
- [8.48 Reassembleable Disassembling](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.48_uroboros.md)
