You make no mention of exploit mitigations like EMET or Windows Defender Exploit Guard. If your exploit requires that a "controlled address were jumped to", then even just mandatory ASLR (provided by both EMET and WDAG) would stop the exploit, no?
Except it's loaded at 0x10000 for every reboot. And on every machine. So not really randomized. Just different than the default.
If you try specifying that bottom-up ASLR should be always enabled for that EXE (rather than "on by default"), does the base address get randomized?
Yes, it does. See my prior tweet w/ screenshot: https://twitter.com/wdormann/status/930774937794744326