Showing posts from June, 2018

Windows Exploit Development : Exploiting Structured Exception Handling and ROP Chaining

Hi folks this post is a continuation of a series I'm doing covering the fundamentals of windows exploit development. In this post I'm going to inch a little closer to arbitrary code execution by showing you how to chain ROP gadgets and one or two stack pivoting tricks.

So here's how this post is going to go:
We we're gonna look at how Structured Exception handling worksWe're gonna break it and show how it breaksThen we're going to make it execute whatever code we wantFigure out how to fix our stack pointerChain some ROP gadgets What you needWindows Virtual Machine Debugger Tools for windowsEasy MPEG to DVD Burner (copy available on exploit-db)ImmunityDBG(optional) python script Reverse Engineering Structured Exception Handling
Structured Exception handling is a mechanism offered to functions in that allow them to customize their responses to hardware and software exceptions. Hardwar…