All Questions
2 questions
2 votes, 1 answer, 472 views
How to use "jmp" in ROP
I'm trying to put together a ROP chain. I'm looking for a gadget to do the following:
mov rdi, rdx ; mov rbp, rsp ; ret;
But instead, I have a gadget like this:
mov rdi, rdx ; mov rbp, rsp ; ...
1 vote, 0 answers, 131 views
Kernel ROP crashes running OS
I was experimenting to see if I can make an ROP chain within the kernel. In the kernel debugging mode, I can make the first jump to an arbitrary gadget address without any problem. But the problem ...