Defeating DEP through a mapped file

Nytro · August 4, 2012

Defeating DEP through a mapped file

by Homeostasie (Nicolas.D)

Contents
1. Introduction............................................................................................................3
2. Description of the attack scenario..........................................................................4
3. Building a ROP exploit..........................................................................................7
3.1. Step 1 - Open a file containing our shellcode ......................................................................7
3.2. Step 2 - Craft mmap() parameters into the stack..................................................................9
3.2.1. ROP chaining for crafting the first argument to 0......................................................10
3.2.2. ROP chaining for crafting the second and the fourth argument to 1..........................12
3.2.3. ROP chaining for crafting the third argument to 4.....................................................13
3.2.4. ROP chaining for crafting the fifth argument to “fd” value (file descriptor).............14
3.2.5. ROP chaining for crafting the sixth argument to 0.....................................................14
3.3. Step 3 – Call mmap() and jump on the mapped area..........................................................15
4. Conclusion...........................................................................................................18

Download:

http://shell-storm.org/papers/files/800.pdf

Sign In

Defeating DEP through a mapped file

Recommended Posts

Nytro

Join the conversation

Browse

Activity

Pages