Another possible way to jump to shellcode is using the PUSH ESP, RET technique. If you’ve got no usable CALLs or JMPs to ESP for some reasons, you can first use a PUSH ESP to put the address of ESP onto the Stack and after that RET that value to the EIP. So this is … Read More →
Links
Follow Me!