# 8. Academic Papers

- [8.1 The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86)](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.1_ret2libc_without_calls.md)
- [8.2 Return-Oriented Programming without Returns](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.2_rop_without_ret.md)
- [8.3 Return-Oriented Rootkits: Bypassing Kernel Code Integrity Protection Mechanisms](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.3_rop_rootkits.md)
- [8.4 ROPdefender: A Detection Tool to Defend Against Return-Oriented Programming Attacks](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.4_ropdefender.md)
- [8.5 Data-Oriented Programming: On the Expressiveness of Non-Control Data Attacks](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.5_dop.md)
- [8.7 What Cannot Be Read, Cannot Be Leveraged? Revisiting Assumptions of JIT-ROP Defenses](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.7_jit-rop_defenses.md)
- [8.9 Symbolic Execution for Software Testing: Three Decades Later](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.9_symbolic_execution.md)
- [8.10 AEG: Automatic Exploit Generation](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.10_aeg.md)
- [8.11 Address Space Layout Permutation (ASLP): Towards Fine-Grained Randomization of Commodity Softwa](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.11_aslp.md)
- [8.13 New Frontiers of Reverse Engineering](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.13_reverse_engineering.md)
- [8.14 Who Allocated My Memory? Detecting Custom Memory Allocators in C Binaries](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.14_detecting_memory_allocators.md)
- [8.21 Micro-Virtualization Memory Tracing to Detect and Prevent Spraying Attacks](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.21_tracing_to_detect_spraying.md)
- [8.22 Practical Memory Checking With Dr. Memory](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.22_memory_checking.md)
- [8.23 Evaluating the Effectiveness of Current Anti-ROP Defenses](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.23_current_anti-rop.md)
- [8.24 How to Make ASLR Win the Clone Wars: Runtime Re-Randomization](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.24_runtime_re-randomization.md)
- [8.25 (State of) The Art of War: Offensive Techniques in Binary Analysis](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.25_angr.md)
- [8.26 Driller: Augmenting Fuzzing Through Selective Symbolic Execution](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.26_driller.md)
- [8.27 Firmalice - Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.27_firmalice.md)
- [8.28 Cross-Architecture Bug Search in Binary Executables](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.28_cross_arch_bug.md)
- [8.29 Dynamic Hooks: Hiding Control Flow Changes within Non-Control Data](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.29_dynamic_hooks.md)
- [8.30 Preventing brute force attacks against stack canary protection on networking servers](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.30_prevent_brute_force_canary.md)
- [8.33 Under-Constrained Symbolic Execution: Correctness Checking for Real Code](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.33_ucklee.md)
- [8.34 Enhancing Symbolic Execution with Veritesting](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.34_veritesting.md)
- [8.38 TaintEraser: Protecting Sensitive Data Leaks Using Application-Level Taint Tracking](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.38_tainteraser.md)
- [8.39 DART: Directed Automated Random Testing](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.39_dart.md)
- [8.40 EXE: Automatically Generating Inputs of Death](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.40_exe.md)
- [8.41 IntPatch: Automatically Fix Integer-Overflow-to-Buffer-Overflow Vulnerability at Compile-Time](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.41_intpatch.md)
- [8.42 Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.42_taintcheck.md)
- [8.43 DTA++: Dynamic Taint Analysis with Targeted Control-Flow Propagation](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.43_dta++.md)
- [8.44 Superset Disassembly: Statically Rewriting x86 Binaries Without Heuristics](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.44_multiverse.md)
- [8.45 Ramblr: Making Reassembly Great Again](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.45_ramblr.md)
- [8.46 FreeGuard: A Faster Secure Heap Allocator](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.46_freeguard.md)
- [8.48 Reassembleable Disassembling](https://firmianay.gitbook.io/ctf-all-in-one/ba-xue-shu-pian/8.48_uroboros.md)

