Uninformed: Informative Information for the Uninformed

Vol 2 » 2005.Sept


Foreword

Abstract: Nearly all existing exploitation vectors depend on some knowledge of a process' address space prior to an attack in order to gain meaningful control of execution flow. In cases where this is necessary, exploit authors generally make use of static addresses that may or may not be portable between various operating system and application revisions. This fact can make exploits unreliable depending on how well researched the static addresses were at the time that the exploit was implemented. In some cases, though, it may be possible to predict and make use of certain addresses in memory that do not have static contents. This document introduces the concept of temporal addresses and describes how they can be used, under certain circumstances, to make exploitation more reliable.

Disclaimer: This document was written in the interest of education. The author cannot be held responsible for how the topics discussed in this document are applied.

Thanks: The author would like to thank H D Moore, spoonm, thief, jhind, johnycsh, vlad902, warlord, trew, #vax, uninformed, and all the friends of nologin!

With that, on with the show...