Comment by pm215

Comment by pm215 3 days ago

If you can already subvert the flow of execution enough to jump somewhere you shouldn't be, you probably have better targets elsewhere in the binary than a conditional branch.

Normal_gaussian 3 days ago

Certainly true if you control the entire value; but if you can only flip a bit or two then this does provide a trampoline to increase the exploits range.

Probably more of a "stick it in the toolbox for automatic use" rather than building an exploit around it type of situation however.

Reply View 0 replies

Aurornis 3 days ago

A common exploit technique is to use what’s called “Return Oriented Programming” to jump to different locations throughout the file to trigger little “ROP gadget” instruction combos to accomplish what you need to do.

Reply View 0 replies

JdeBP 3 days ago

You have almost, with that statement, figured out what this really is and why it is there.

* https://news.ycombinator.com/item?id=44970832

Reply View 0 replies