-
Stack Manipulation via Hardware breakpoint & Direct Syscall Execution
x86 Stack Primer In this section we will quickly go over x86 stack working. The scenario is main() calls function A(), then A() calls B(). Lets see how this affects the stack. The above image is very generic in nature and calling convention is not taken into consideration. Process Overview Spoofing return address Below image…
-
The Stack Series: Return Address Spoofing on x64
introduction The stack of a process has the potential to give away the true nature of the running program in the memory. Hence it is one of the monitored entities by the security solutions. When a program executes any interesting functions like InternetConnectA, security systems may initiate a stack check to find out if there…