Defeating Windows 8 ROP Mitigation

Discussion in 'other security issues & news' started by Hungry Man, Sep 22, 2011.

Thread Status:
Not open for further replies.
  1. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    Last edited: Sep 22, 2011
  2. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Lol, that didn't take long, though of course it's expected.
     
  3. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    No, as with anything it's easy to see a way around it. That's why there are all of those articles on the mitigations included in EMET.

    I know one of the mitigations in EMET addresses ROP gadgets probably in a similar way, so they had that to work with long before Win8 was out.
     
  4. elapsed

    elapsed Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    7,076
    Isn't it true that almost all mitigations can be bypassed on their own? The sauce is in combining them all together. ASLR, DEP, SEHOP, BottomUpRand, ROP, etc.

    Or did I miss the part in the article where he was testing ROP with all these active?
     
  5. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,146
    I'm wondering that myself. ROP necessitates that you know where certain things are in memory. You would (possibly) have to bypass ASLR and BUR.

    EDIT: And maybe EAF.
     