Windows SEH
Exploit Form:
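from pwn import p32  # pwntools: packs a 32-bit little-endian value

buffer = b"A"*400
buffer += p32(0x06eb9090)  # NSEH: bytes 90 90 EB 06, two NOPs then a short jump to get over SEH
buffer += p32(...)  # SEH, pop pop ret
buffer += b"\x90"*(600-len(buffer))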
Overwrite the SEH handler pointer with the address of a pop pop ret sequence, and place a short jump in NSEH to get over the SEH pointer.
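From the triage side, the NSEH short jump is a recognisable marker in a crashing input or captured payload. The following is an added example, not code from the original page: a heuristic scanner that flags an 8-byte span whose first dword is a NOP-padded short jump landing just past the second dword. It goes slightly beyond the page by also matching the `EB 06 90 90` ordering; the function names, the `SLACK` window and the `0xDEADBEEF` placeholder for the elided handler address are assumptions.

```python
import struct

NOP = 0x90
JMP_SHORT = 0xEB
SLACK = 16  # assumed: how far past the handler slot a landing point may be


def find_nseh_jumps(data: bytes):
    """Return (nseh_offset, landing_offset, handler_value) for each 8-byte
    span that looks like an overwritten SEH record: a NOP-padded short
    jump in the first dword that lands just past the second dword."""
    hits = []
    for i in range(len(data) - 7):
        nseh = data[i:i + 4]
        for j in range(3):                  # EB needs its rel8 inside the dword
            if nseh[j] != JMP_SHORT:
                continue
            rel8 = nseh[j + 1]
            if rel8 >= 0x80:                # backward jump, not this pattern
                continue
            rest = nseh[:j] + nseh[j + 2:]
            if any(b != NOP for b in rest):
                continue
            landing = i + j + 2 + rel8      # rel8 counts from the next instruction
            if i + 8 <= landing <= i + 8 + SLACK:
                handler = struct.unpack_from("<I", data, i + 4)[0]
                hits.append((i, landing, handler))
    return hits


def sample_input():
    # Constructed sample with the page's layout; 0xDEADBEEF is a placeholder
    # for the handler address the page elides.
    buf = b"A" * 400
    buf += struct.pack("<I", 0x06EB9090)
    buf += struct.pack("<I", 0xDEADBEEF)
    buf += b"\x90" * (600 - len(buf))
    return buf


if __name__ == "__main__":
    for off, landing, handler in find_nseh_jumps(sample_input()):
        print(f"NSEH-style short jump at {off}, lands at {landing}, "
              f"handler slot 0x{handler:08x}")
```

A hit is a lead for triage, not proof: the same four bytes can occur in benign binary data, so correlate it with a crash in the exception dispatch path or an oversized input field.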