摘要: Control-Flow Integrity (CFI) has been recognized as an important low-level security property. Its enforcement can defeat most injected and existing code attacks, including those based on Return-Oriented Programming (ROP). Previous implementations of CFI have required compiler support or the presence relocation debug information in binary. In contrast, we present a technique for applying to stripped binaries ×86/Linux. Ours is first work apply complex shared libraries such glibc. Through experimental evaluation, demonstrate that our implementation effective against control-flow hijack eliminates vast majority ROP gadgets. To achieve this result, developed robust techniques disassembly, static analysis, transformation large binaries. Our tested over 300MB (executables libraries).