Bypassing SEHOP

[Nytro]

Bypassing SEHOP

Stéfan Le Berre

s.leberre a sysdream.com

Damien Cauquil

d.cauquil a sysdream.com

Table of contents
0. Introduction...............................................................................................................3
1. SEHOP specifications (short version).......................................................................3
2. Dealing with SEHOP when exploiting a stack overflow...........................................6
2.1. Breaking out the classical exploitation scheme........................................................................6
2.2. The tricky part...........................................................................................................................7
3. Proof Of Concept.......................................................................................................7
3.1. Target program & constraints...................................................................................................7
3.2. crash and exploitation...............................................................................................................8
4. Conclusion.................................................................................................................9
5. Credits......................................................................................................................10
6. Bibliography............................................................................................................10

Download:

http://shell-storm.org/papers/files/760.pdf