Since the issue is that the heap frees the memory before the payload can execute, couldn't we protect the memory pages like this guy/girl wrote:
Duke Says:
September 21, 2012 at 5:26 am
Might be obvious but:
Can’t you use mprotect() on these memory pages before they’re freed and write a signal handler (’cause trying to write on them will trigger a SEGV)?
http://nwert.wordpress.com/2012/09/1...v2/#comment-71