{"guid":"import-974e41c3857176ef9f","title":"String Oriented Programming","subtitle":"Circumventing ASLR, DEP, and Other Guards","slug":"28c3-4817-en-string_oriented_programming","link":"http://events.ccc.de/congress/2011/Fahrplan/events/4817.en.html","description":"The protection landscape is changing and exploits are getting more and more sophisticated. Exploit generation toolkits can be used to construct exploits for specific applications using well-defined algorithms. We present such an algorithm for leveraging format strings and introduce string oriented programming.\n","original_language":"eng","persons":["Mathias Payer"],"view_count":113,"promoted":false,"date":"2011-12-27T01:00:00.000+01:00","release_date":"2012-01-04T01:00:00.000+01:00","updated_at":"2026-02-09T00:00:10.245+01:00","tags":["28c3"," Hacking"],"length":2879,"duration":2879,"thumb_url":"https://static.media.ccc.de/media/congress/2011/28c3-4817-en-string_oriented_programming_h264.jpg","poster_url":"https://static.media.ccc.de/media/congress/2011/28c3-4817-en-string_oriented_programming_h264_preview.jpg","timeline_url":"https://static.media.ccc.de/media/congress/2011/import-974e41c3857176ef9f-timeline.jpg","thumbnails_url":"https://static.media.ccc.de/media/congress/2011/import-974e41c3857176ef9f-thumbnails.vtt","frontend_link":"https://media.ccc.de/v/28c3-4817-en-string_oriented_programming","url":"https://api.media.ccc.de/public/events/import-974e41c3857176ef9f","conference_title":"28C3: behind enemy lines","conference_url":"https://api.media.ccc.de/public/conferences/28c3","related":[{"event_id":797,"event_guid":"import-99180de8618aece534","weight":1},{"event_id":979,"event_guid":"import-ca377fadd50f41d378","weight":1},{"event_id":1011,"event_guid":"import-eceb398fdedfd15263","weight":1},{"event_id":1035,"event_guid":"import-522b456890530bf341","weight":1},{"event_id":1480,"event_guid":"import-c20b0541d532512134","weight":1},{"event_id":1530,"event_guid":"import-6fdeaba494d8699165","weight":1},{"event_id":1534,"event_guid":"import-5fe6dab8530ac65492","weight":1},{"event_id":1537,"event_guid":"import-bd2328a813340989bc","weight":1},{"event_id":1540,"event_guid":"import-bee058f77897330ce0","weight":1},{"event_id":1544,"event_guid":"import-9d9c56ae1d5816730b","weight":1},{"event_id":1546,"event_guid":"import-5066545b91f6a498b5","weight":1},{"event_id":1548,"event_guid":"import-c55c543fed3dbc291f","weight":2},{"event_id":1556,"event_guid":"import-ae0af31316a495be6a","weight":1},{"event_id":1571,"event_guid":"import-d31b8d9b757884b585","weight":2},{"event_id":1575,"event_guid":"import-743191fd7e877fb432","weight":1},{"event_id":1582,"event_guid":"import-2ee39c5fea857aeb23","weight":1},{"event_id":1588,"event_guid":"import-c8025284c9938a2c87","weight":1},{"event_id":1593,"event_guid":"import-b0589b01247d699e04","weight":2},{"event_id":1596,"event_guid":"import-d8314b471f27e20439","weight":1},{"event_id":1604,"event_guid":"import-006ecab1019284581b","weight":1},{"event_id":1609,"event_guid":"import-68a1981706215efc82","weight":1},{"event_id":1614,"event_guid":"import-a7f1f1ee62ed2fc9b9","weight":2},{"event_id":1615,"event_guid":"import-a12ea6cce80bbfdbef","weight":1},{"event_id":1616,"event_guid":"import-ebb5f5ebcd563a0fe1","weight":1},{"event_id":1625,"event_guid":"import-d5e915f712036ff928","weight":1},{"event_id":2188,"event_guid":"oBQMMNfX5t-5TBIk3z6pOg","weight":1},{"event_id":2227,"event_guid":"H1GEe9l64eUbo1oZXtLkEg","weight":2},{"event_id":2246,"event_guid":"5hkhmuwi5J8ZHMfd5k7veg","weight":1},{"event_id":2250,"event_guid":"Q41efHdmmnBkM5G8p6Wf_w","weight":1},{"event_id":2257,"event_guid":"rSiFVNguzdBmx13Lb-gobg","weight":1},{"event_id":2838,"event_guid":"777ec642-2866-4617-9789-91cba4a2b313","weight":1},{"event_id":2925,"event_guid":"e1efc11e-170c-4234-9ac0-4451a6631b01","weight":1},{"event_id":2939,"event_guid":"c87fa147-d1f4-4353-82db-c3e5b646884b","weight":1},{"event_id":2951,"event_guid":"2e3d2878-e8b0-44cd-aea8-baf52be25ecf","weight":1},{"event_id":3603,"event_guid":"798573a8-f544-48f0-abaf-ebc405f03f4a","weight":1},{"event_id":3623,"event_guid":"b7e028fa-175f-464d-bc85-adf56e358626","weight":1},{"event_id":3633,"event_guid":"530f0400-e4e8-4d99-909d-4cfc8121c0b0","weight":1},{"event_id":3640,"event_guid":"700a07e7-a9c4-437b-a4c5-4491b23a9b4a","weight":1},{"event_id":3641,"event_guid":"b9ca38ea-fa88-48c4-8083-9415eee93fcb","weight":1},{"event_id":3671,"event_guid":"4ef69e6a-026f-4b30-888d-af654b220a3d","weight":1},{"event_id":3689,"event_guid":"1f7eb981-2819-4824-8f40-4ddde0be7bf3","weight":1},{"event_id":3695,"event_guid":"c300b194-2a85-4705-92aa-b4e789882303","weight":1},{"event_id":3701,"event_guid":"155a622a-196e-4e05-a262-88f3a7726bbe","weight":1},{"event_id":3707,"event_guid":"c19012c9-71de-4272-a6f4-898f5c48b8d9","weight":1},{"event_id":3712,"event_guid":"cb23378b-6db0-4e2f-a4c8-f5006a467ca3","weight":1},{"event_id":3720,"event_guid":"198bdfe5-24cf-4b2f-9cd5-7522a99b3b4e","weight":1},{"event_id":3725,"event_guid":"c4211c94-7cea-457d-9214-7ccf5d7c89cc","weight":1},{"event_id":3727,"event_guid":"2aba641b-114d-4dac-866e-533314a3c108","weight":1},{"event_id":3733,"event_guid":"855ab830-c6c0-4be7-b84c-31ba78e90e3c","weight":1},{"event_id":3739,"event_guid":"61677c86-8d83-4c30-9cf4-f7741e1a8798","weight":1},{"event_id":3762,"event_guid":"25e2df7d-5740-4c2f-bc34-986326d606fe","weight":1},{"event_id":4784,"event_guid":"65a25dfd-56dd-4e87-a910-334e2dc25a9c","weight":1},{"event_id":4803,"event_guid":"23d59026-ab98-4f6c-a46d-0bb3e1788a67","weight":1},{"event_id":4817,"event_guid":"be19fbe3-e825-4e67-93f9-a6aeda2e31af","weight":2},{"event_id":4823,"event_guid":"bf924a39-2860-4e27-8741-b8fa0c010363","weight":1},{"event_id":4826,"event_guid":"16645200-2036-4a3c-a44d-a5ff44ac2991","weight":1},{"event_id":4833,"event_guid":"e1a60f7b-6a56-4dce-ab3a-c686fa940aa8","weight":1},{"event_id":4838,"event_guid":"59c664ea-425d-44e0-957c-09317cbfd382","weight":1},{"event_id":4843,"event_guid":"86c60da2-fefc-4750-ad22-fa821ce619b1","weight":2},{"event_id":4853,"event_guid":"7f293cf6-6d19-43ed-8aa7-7371e008bd45","weight":1},{"event_id":4875,"event_guid":"6be7c907-103c-4c96-969a-32890c98a8cd","weight":1}],"recordings":[{"size":258,"length":2879,"mime_type":"video/webm","language":"eng","filename":"28c3-4817-en-string_oriented_programming.webm","state":"downloaded","folder":"webm","high_quality":true,"width":720,"height":576,"updated_at":"2016-01-27T11:03:50.118+01:00","recording_url":"https://cdn.media.ccc.de/congress/2011/webm/28c3-4817-en-string_oriented_programming.webm","url":"https://api.media.ccc.de/public/recordings/3154","event_url":"https://api.media.ccc.de/public/events/import-974e41c3857176ef9f","conference_url":"https://api.media.ccc.de/public/conferences/28c3"},{"size":258,"length":2879,"mime_type":"audio/ogg","language":"eng","filename":"28c3-4817-en-string_oriented_programming.ogg","state":"downloaded","folder":"ogg-audio-only","high_quality":true,"width":720,"height":576,"updated_at":"2014-05-31T23:45:44.637+02:00","recording_url":"https://cdn.media.ccc.de/congress/2011/ogg-audio-only/28c3-4817-en-string_oriented_programming.ogg","url":"https://api.media.ccc.de/public/recordings/3155","event_url":"https://api.media.ccc.de/public/events/import-974e41c3857176ef9f","conference_url":"https://api.media.ccc.de/public/conferences/28c3"}]}