Analysis and evaluation of ROPInjector
This thesis analyzes the shellcode injection tool ROPInjector, which explores the potential of Return Oriented Programming (ROP) as an antivirus evasion technique. The analysis is twofold. First, we present the functionality of the tool by examining the algorithms it uses to transform malicious code into its ROP equivalent, explaining the purpose of each mechanism and discussing its implementation. At the same time, we perform a detailed qualitative inquiry, comparing the input binaries with the resulting (i.e. infected) binaries in order to evaluate the performance and effectiveness of ROPInjector. Finally, using the results of this analysis, we propose next steps to make the tool more user-friendly, so that researchers in the community can use it in their work.