Order Now Free Demo

Geneva: +41 (22) 723 2424 | San Francisco: +1 (415) 659 1861 |

Security Blog

Yahoo: From t-shirt-gate to 500 millions customer breach

September 27, 2016

9/10 big businesses have suffered a significant cyber attack

September 22, 2016

Is someone planning to shut down the internet?

September 20, 2016

Cybersecurity: how to save half a million pounds

September 15, 2016

What the NSA hack tells us about cybercrime

September 13, 2016

News and press releases

High-Tech Bridge releases a new version of its free SSL testing service

September 20, 2016

High-Tech Bridge's CEO selected to Forbes Technology Council

July 12, 2016

High-Tech Bridge named to OTA’s 2016 Online Trust Honor Roll

June 14, 2016

High-Tech Bridge releases web security trends of the first half of 2016

June 7, 2016

High-Tech Bridge launches malicious domain discovery service

April 27, 2016

High-Tech Bridge > Security Blog > Defeating Data Execution Prevention and ASLR in Windows

Defeating Data Execution Prevention and ASLR in Windows

Monday, June 27, 2011 By Brian Mariani

Author: Brian Mariani, Senior Security Auditor at High-Tech Bridge SA

Data prevention Execution (DEP) and Address space layout randomization (ASLR) are two protection mechanisms integrated in Windows operating system to make more complicated the task of exploiting software. This document show how these two features can be bypassed using different techniques.

PDF: Defeating Data Execution Prevention and ASLR in Windows (1,3 MB)

Video: Defeating Data Execution Prevention and ASLR in Windows

Video: Tracing the Exploit

VirtualAllocandWriteProcessMemory.asm

VirtualProtect.asm

VulnerableServer.cpp

Tags: ASLR DEP Windows

Previous Blog Posts: Structured Exception Handler Exploitation Fake Malware and Virus Scanners

User Comments and Opinions