Comments on: A gentle introduction to return-oriented programming

By: Exploiting Stack Buffer Overflows | The Blog

Exploiting Stack Buffer Overflows | The Blog — Wed, 13 Apr 2011 07:56:27 +0000

[...] interesting [...]

By: A gentle introduction to return-oriented programming « clnoe == eohnik

A gentle introduction to return-oriented programming « clnoe == eohnik — Wed, 19 Jan 2011 09:01:43 +0000

[...] : http://blog.zynamics.com/2010/03/12/a-gentle-introduction-to-return-oriented-programming/ This entry was written by clnoe, posted on January 19, 2011 at 9:01 am, filed under [...]

By: Online Ouija Board

Online Ouija Board — Tue, 14 Sep 2010 08:42:21 +0000

i was just thinking about this similar thing before haha, excellent article

By: Exploit writing tutorial part 10 : Chaining DEP with ROP – the Rubik’s[TM] Cube | Peter Van Eeckhoutte's Blog

Mon, 23 Aug 2010 11:54:02 +0000

[...] Gentle introduction to return-oriented-programming [...]

By: corelanc0d3r

corelanc0d3r — Thu, 17 Jun 2010 21:28:42 +0000

FYI – I published a basic tutorial on return oriented programming : http://www.corelan.be:8800/index.php/2010/06/16/exploit-writing-tutorial-part-10-chaining-dep-with-rop-the-rubikstm-cube/

enjoy

By: A brief analysis of a malicious PDF file which exploits this week’s Flash 0-day « blog.zynamics.com

Wed, 09 Jun 2010 19:12:39 +0000

[...] list of addresses that point into code of an Adobe Reader DLL called BIB.DLL. We were dealing with return-oriented shellcode [...]

By: Anon

Anon — Fri, 16 Apr 2010 21:11:00 +0000

Oh! I just noticed there’s a second post. Reading that now and hopefully it will answer some questions.

By: Anon

Anon — Fri, 16 Apr 2010 21:09:51 +0000

Can anyone write a brief guide illustrating the use of rop in an exploit? Like say our codebase is in file.dll, we have control of some return address and want to use rop to copy shellcode from the buffer on the stack, to an rwx memory area and then pass program flow to it.

How would the ‘gadgets’ from the codebase be generated? Basically I’m just looking for help on how to convert a regular sequence of assembly instructions into its equivalent rop code. Thinking of it as the roles of eip/esp being switched is also kind of confusing and not intuitive.

By: Algorithms for platform independent return-oriented programming (I of III) « blog.zynamics.com

Fri, 16 Apr 2010 09:28:15 +0000

[...] for platform independent return-oriented programming (I of III) By Tim Kornau In my last post about the history of return-oriented programming I showed that we are not dealing with a completely [...]

By: jf

jf — Tue, 13 Apr 2010 15:47:24 +0000

ty for explicitly stating (by stating explicitly what the technique does bypass) that this isnt a given ASLR bypass technique, as everyone else seems to miss.