You make no mention of exploit mitigations like EMET or Windows Defender Exploit Guard. If your exploit requires that a "controlled address were jumped to", then even just mandatory ASLR (provided by both EMET and WDEG) would stop the exploit, no?
-
-
Ah, it does have a .reloc section (from dumpbin). I didn't expect a .exe from 2000 to have that. My apologies. ASLR will work.
-
What's confusing to me is why despite having a relocation section, system-wide ASLR does *NOT* randomize the loaded address. It's loaded at 0x10000 every time for me, even if mandatory ASLR is enabled system-wide using either EMET or WDEG.
@epakskape - 13 more replies