Finding dispatcher gadgets for jump oriented programming code reuse attacks

One of the most dangerous forms of the memory manipulation based attacks is the code reuse based attack type. In this type of attack the malwares do not need to place own malicious code in the memory space, they use the already linked code to achieve the aim. The present study discusses a critical part of the jump oriented programming which is nowadays the most up-to-date memory manipulation attack type. The controlling element of the jump oriented attacks is the so-called dispatcher gadget which controls the creation of the malicious code from the available legitimate code patches. The use of the dispatcher gadgets has already been introduced on 32bit Linux systems but generally the search algorithm and the classification are still open questions. This study presents the dispatcher gadgets and their characteristics found in the basic dll files of the windows 32 bit system and in the 64 bit Linux libc files.