ImmuniWeb® by High-Tech Bridge



Defeating Data Execution Prevention and ASLR in Windows

June 27, 2011

Author: Brian Mariani, Senior Security Auditor at High-Tech Bridge SA


Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) are two protection mechanisms integrated into the Windows operating system to make exploiting software more difficult. This document shows how these two features can be bypassed using different techniques.


PDF: Defeating Data Execution Prevention and ASLR in Windows (1,3 MB)
Video: Defeating Data Execution Prevention and ASLR in Windows
Video: Tracing the Exploit
HeapCreate.asm
VirtualAllocandWriteProcessMemory.asm
VirtualProtect.asm
VulnerableServer.cpp