crash.software
Projects
Pull Requests
Issues
Builds
ThreadStackSpoofer
Code
Files
Commits
Branches
Tags
Pull Requests
Code Comments
Code Compare
Issues
Builds
Statistics
Child Projects
cra.sh
RESTful API
Projects STRLCPY ThreadStackSpoofer Commits 7210a25e
🤬
Revision indexing in progress... (symbol navigation in revisions will be accurate after indexed)
  • ■ ■ ■ ■ ■
    README.md
    skipped 38 lines
    39 39  Function return addresses are scattered all around the thread's stack memory area, pointed to by `RBP/EBP` register. In order to find them on the stack, we need to firstly collect frame pointers, then dereference them for overwriting:
    40 40   
    41 41  ![stack frame](images/frame0.png)
     42 + 
    42 43  (the above image was borrowed from _Eli Bendersky's_ post named [Stack frame layout on x86-64](https://eli.thegreenplace.net/2011/09/06/stack-frame-layout-on-x86-64/))
    43 44   
    44 45  ```
    skipped 140 lines
Please wait...
Page is in error, reload to recover