Binary Exploit Development 4 - DEP Bypass with VirtualAlloc
Learn how to bypass DEP in part 4 of our Binary Exploit Development Series.
Exploit Development 4 DEP Bypass Article:
The fourth part of our exploit development series demonstrates how to bypass Windows DEP stack protection in a buffer overflow attack by abusing the Windows API through a self-made ROP chain.
Before attempting to write your own ROP chain you should know at least the basics of x86 assembly. Since we cannot write ASM code of our own but have to rely on instruction chains that already exist in the loaded binaries, we often have to come up with tricks and uncommon approaches to prepare the stack correctly for our API call.
What Is DEP?
DEP stands for Data Execution Prevention and comes in two versions:
- Software-enforced DEP
- Hardware-enforced DEP
We will only talk about the hardware-based version, which is the one we almost always have to worry about (from now on "DEP" always refers to hardware-enforced DEP).
This stack protection was introduced with Windows XP Service Pack 2 and is included in all Windows versions since then. To function it requires the No eXecute (NX) bit on AMD CPUs or the Execute Disable (XD) bit on Intel CPUs.
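Because hardware-enforced DEP depends on the CPU's NX/XD bit and on the system policy, a defender auditing a host wants to confirm both before relying on it. The following PowerShell is an added example written for this page, not code from the video or its article; it reads the DEP fields that the `Win32_OperatingSystem` CIM class exposes (property names are real, the `Get-DepStatus` function name and the policy table are this example's own):

```powershell
# Added example: report whether hardware DEP is available on this host and
# which system-wide policy is active (OptIn/OptOut/AlwaysOn/AlwaysOff).
function Get-DepStatus {
    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    # DataExecutionPrevention_SupportPolicy is a small integer; these are the
    # documented meanings of its four values.
    $policyNames = @{
        0 = 'AlwaysOff'  # DEP disabled for every process
        1 = 'AlwaysOn'   # DEP enforced for every process, no opt-out possible
        2 = 'OptIn'      # default on client SKUs: system binaries and opted-in apps only
        3 = 'OptOut'     # default on server SKUs: every app unless explicitly excluded
    }

    [PSCustomObject]@{
        # $true when the CPU exposes NX/XD and the OS has enabled it
        HardwareDepAvailable = [bool]$os.DataExecutionPrevention_Available
        SupportPolicy        = $policyNames[[int]$os.DataExecutionPrevention_SupportPolicy]
        DriversCovered       = [bool]$os.DataExecutionPrevention_Drivers
        Apps32BitCovered     = [bool]$os.DataExecutionPrevention_32BitApplications
    }
}

Get-DepStatus | Format-List
```

On an OptIn host a third-party binary that has not opted in (no `/NXCOMPAT` link flag and no explicit enable) runs without DEP at all, so `SupportPolicy` is the field worth checking first; `HardwareDepAvailable` being `$false` means the protection discussed above is not present regardless of policy. The same policy can also be read with `bcdedit /enum {current}` (the `nx` entry), which needs an elevated prompt.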
Exploit Development 4 - DEP Bypass