M2G Posted June 20, 2012

This paper is divided into three parts. Part 1 describes the design and implementation of the protection mechanisms that will be the focus of the remainder of the paper. This section contains all the necessary background information about the available protection mechanisms on Windows XP and Vista. Part 2 discusses the limitations of these protections and presents the theory behind the techniques that we will employ to bypass them. Finally, in Part 3 of the paper we show how the theoretical techniques outlined in Part 2 can be utilized to produce robust and reliable exploits that work effectively in realistic environments. Since real-world exploitation requires bypassing multiple memory protections, we will present several ways in which these techniques can be combined to achieve remote code execution.

http://www.blackhat.com/presentations/bh-usa-08/Sotirov_Dowd/bh08-sotirov-dowd.pdf