# 八、学术篇 - [8.1 The Geometry of Innocent Flesh on the Bone: Return-into-libc without Function Calls (on the x86)](/ctf-all-in-one/ba-xue-shu-pian/8.1_ret2libc_without_calls.md) - [8.2 Return-Oriented Programming without Returns](/ctf-all-in-one/ba-xue-shu-pian/8.2_rop_without_ret.md) - [8.3 Return-Oriented Rootkits: Bypassing Kernel Code Integrity Protection Mechanisms](/ctf-all-in-one/ba-xue-shu-pian/8.3_rop_rootkits.md) - [8.4 ROPdefender: A Detection Tool to Defend Against Return-Oriented Programming Attacks](/ctf-all-in-one/ba-xue-shu-pian/8.4_ropdefender.md) - [8.5 Data-Oriented Programming: On the Expressiveness of Non-Control Data Attacks](/ctf-all-in-one/ba-xue-shu-pian/8.5_dop.md) - [8.7 What Cannot Be Read, Cannot Be Leveraged? Revisiting Assumptions of JIT-ROP Defenses](/ctf-all-in-one/ba-xue-shu-pian/8.7_jit-rop_defenses.md) - [8.9 Symbolic Execution for Software Testing: Three Decades Later](/ctf-all-in-one/ba-xue-shu-pian/8.9_symbolic_execution.md) - [8.10 AEG: Automatic Exploit Generation](/ctf-all-in-one/ba-xue-shu-pian/8.10_aeg.md) - [8.11 Address Space Layout Permutation (ASLP): Towards Fine-Grained Randomization of Commodity Softwa](/ctf-all-in-one/ba-xue-shu-pian/8.11_aslp.md) - [8.13 New Frontiers of Reverse Engineering](/ctf-all-in-one/ba-xue-shu-pian/8.13_reverse_engineering.md) - [8.14 Who Allocated My Memory? Detecting Custom Memory Allocators in C Binaries](/ctf-all-in-one/ba-xue-shu-pian/8.14_detecting_memory_allocators.md) - [8.21 Micro-Virtualization Memory Tracing to Detect and Prevent Spraying Attacks](/ctf-all-in-one/ba-xue-shu-pian/8.21_tracing_to_detect_spraying.md) - [8.22 Practical Memory Checking With Dr. Memory](/ctf-all-in-one/ba-xue-shu-pian/8.22_memory_checking.md) - [8.23 Evaluating the Effectiveness of Current Anti-ROP Defenses](/ctf-all-in-one/ba-xue-shu-pian/8.23_current_anti-rop.md) - [8.24 How to Make ASLR Win the Clone Wars: Runtime Re-Randomization](/ctf-all-in-one/ba-xue-shu-pian/8.24_runtime_re-randomization.md) - [8.25 (State of) The Art of War: Offensive Techniques in Binary Analysis](/ctf-all-in-one/ba-xue-shu-pian/8.25_angr.md) - [8.26 Driller: Augmenting Fuzzing Through Selective Symbolic Execution](/ctf-all-in-one/ba-xue-shu-pian/8.26_driller.md) - [8.27 Firmalice - Automatic Detection of Authentication Bypass Vulnerabilities in Binary Firmware](/ctf-all-in-one/ba-xue-shu-pian/8.27_firmalice.md) - [8.28 Cross-Architecture Bug Search in Binary Executables](/ctf-all-in-one/ba-xue-shu-pian/8.28_cross_arch_bug.md) - [8.29 Dynamic Hooks: Hiding Control Flow Changes within Non-Control Data](/ctf-all-in-one/ba-xue-shu-pian/8.29_dynamic_hooks.md) - [8.30 Preventing brute force attacks against stack canary protection on networking servers](/ctf-all-in-one/ba-xue-shu-pian/8.30_prevent_brute_force_canary.md) - [8.33 Under-Constrained Symbolic Execution: Correctness Checking for Real Code](/ctf-all-in-one/ba-xue-shu-pian/8.33_ucklee.md) - [8.34 Enhancing Symbolic Execution with Veritesting](/ctf-all-in-one/ba-xue-shu-pian/8.34_veritesting.md) - [8.38 TaintEraser: Protecting Sensitive Data Leaks Using Application-Level Taint Tracking](/ctf-all-in-one/ba-xue-shu-pian/8.38_tainteraser.md) - [8.39 DART: Directed Automated Random Testing](/ctf-all-in-one/ba-xue-shu-pian/8.39_dart.md) - [8.40 EXE: Automatically Generating Inputs of Death](/ctf-all-in-one/ba-xue-shu-pian/8.40_exe.md) - [8.41 IntPatch: Automatically Fix Integer-Overflow-to-Buffer-Overflow Vulnerability at Compile-Time](/ctf-all-in-one/ba-xue-shu-pian/8.41_intpatch.md) - [8.42 Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits](/ctf-all-in-one/ba-xue-shu-pian/8.42_taintcheck.md) - [8.43 DTA++: Dynamic Taint Analysis with Targeted Control-Flow Propagation](/ctf-all-in-one/ba-xue-shu-pian/8.43_dta++.md) - [8.44 Superset Disassembly: Statically Rewriting x86 Binaries Without Heuristics](/ctf-all-in-one/ba-xue-shu-pian/8.44_multiverse.md) - [8.45 Ramblr: Making Reassembly Great Again](/ctf-all-in-one/ba-xue-shu-pian/8.45_ramblr.md) - [8.46 FreeGuard: A Faster Secure Heap Allocator](/ctf-all-in-one/ba-xue-shu-pian/8.46_freeguard.md) - [8.48 Reassembleable Disassembling](/ctf-all-in-one/ba-xue-shu-pian/8.48_uroboros.md)