Brief inside DEP and ROP

KUMΞL | Monday, January 07, 2013 | , | 0 comments

DEP is data execution prevent, it is some kind of windows protection. DEP was protecting with make the stack of windows application to be non executable, so if we put some payload in the stack then we don't allow to execute it. But we can bypass DEP protection with some method which available in Win32 APIs.

Some method to bypass DEP
VirtualProtect()
The VirtualProtect function changes the access protection of memory region become readable, writable, or executable in the calling process.
http://msdn.microsoft.com/en-us/library/aa366898(VS.85).aspx

VirtualAlloc()
This function will allocate new memory. One of the parameters to this function specifies the execution/access level of the newly allocated memory, so
the goal is to set that value to EXECUTE_READWRITE.
http://msdn.microsoft.com/en-us/library/aa366887(VS.85).aspx

Read more »
Subscribe to: Posts (Atom)