New research 👉 Exception Oriented Programming, Part 2: Weaponizing Fundamental Weaknesses in Exception Unwinding to Gain Code Execution
I started with low expectations due to Part 1, but this really is a great article. FYI, there's a newer RtlVirtualUnwind in coreclr: github.com/dotnet/runtime
It has UWOP_EPILOG and its unwinding that MS doesn't document.
Glad there are others interested in making up stack frames.
I'm glad that you enjoyed it! Agreed that this blog was much more in depth than part 1. I did look into the legacy epilog logic and UWOP_EPILOG/RtlpUnwindEpilogue briefly, but I didn't find any additional primitives compared to what you could already do with other operations.