This paper introduces yet another function to defeat Windows DEP. It is assumed that the reader is already familiar with buffer overflows on x86, and has a basic understanding of the DEP protection mechanism. The technique discussed in this paper is aimed at Windows XP, however, it should also work on other Windows versions given that the attacker has some way to find the address of the DLL, such as through a memory disclosure, etc. This paper does not address the issue of ASLR, rather it recognizes ASLR as a completely separate problem. The method described here is not conceptually groundbreaking, and is ultimately only as impressive as any other ret-2-lib technique. |