Status of Netscape Bug Exploit (suggestions needed)

Rev. Mark Grant mark at unicorn.com
Wed Sep 27 07:57:21 PDT 1995



Couldn't you either create the address in a register, and then do an 
indirect jump through the register, or push it onto the stack and do a 
ret? You could do something like 

	mov ecx, address + 01010101
	sub ecx, 01010101
	jmp [ecx]

I'm not certain of the format for BSDI assembler, but I presume that's 
possible. You could modify the value you add and subtract to make sure 
there are no netscape-invalid bytes in the compiled code.

	Mark
