 |
| Type: |
R0 Recovery |
|---|
| Size: |
3 bytes |
|---|
| Compat: |
All |
|---|
| Migration: |
Not necessary |
|---|
| Requirements: |
No held locks in wrapped frame |
|---|
If a vulnerability occurs in the context of a frame that is wrapped
in an exception handler, it may be possible to simply trigger an
exception that will allow execution to continue like normal.
Unfortunately, the chances of this recovery method being usable are
very slim considering most vulnerabilities are likely to occur
outside of the context of an exception wrapped frame. The usability
of this approach can be tested fairly simply by triggering the
overflow in such a way as to cause an exception to be thrown. If
the machine does not crash, it could be the case that the
vulnerability occurred in a function that is wrapped by an exception
handler. Assuming this is the case, writing a payload that simply
triggers an exception is fairly trivial.
00000000 31F6 xor esi,esi
00000002 AC lodsb
|
