Great video. Really well explained. Thanks
parkourpeter112 3 years ago
This disables DEP, not hardware enforced NX.
sniffem 3 years ago
A way ("there are more") to disable NX non-executable stacks is simply ZwSetInformationProcess(-1, 22, "\x32\x00\x00\x00", 4); for example this will allow execution anywhere in the process memory. This is called a ret2ntdll attack. Again the security is there but it's not perfect. Be careful with the claims of perfection.
sypha0x 4 years ago
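The comments above argue about whether DEP can be switched off from inside a process. The point a defender cares about is that this opt-out only works while DEP is non-permanent for that process: a 32-bit process on an "OptIn"/"OptOut" system can change its own execute flags, whereas the system "AlwaysOn" policy, 64-bit processes, and any process that has called SetProcessDEPPolicy(PROCESS_DEP_ENABLE) are permanently locked. The following PowerShell is an added example written for this page, not code from the video or any commenter; it assumes a Windows 10 (1709 or later) host with the built-in ProcessMitigations module, and the function name Get-DepStatus is made up for the example.

```powershell
# Added example (not from the video or the comments): show the system-wide DEP
# policy and the DEP mitigation state of a running process, so you can see
# which processes are still able to relax their own execute flags.

# 1. System-wide policy from Win32_OperatingSystem.
#    DataExecutionPrevention_SupportPolicy: 0 = AlwaysOff, 1 = AlwaysOn,
#    2 = OptIn (default on client SKUs), 3 = OptOut (default on server SKUs).
function Get-SystemDepPolicy {
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    $names = @{ 0 = 'AlwaysOff'; 1 = 'AlwaysOn'; 2 = 'OptIn'; 3 = 'OptOut' }
    [PSCustomObject]@{
        DepAvailable      = $os.DataExecutionPrevention_Available
        SupportPolicy     = $names[[int]$os.DataExecutionPrevention_SupportPolicy]
        AppliesTo32Bit    = $os.DataExecutionPrevention_32BitApplications
        # Only AlwaysOn removes the per-process opt-out for every 32-bit process.
        ProcessOptOutLeft = ([int]$os.DataExecutionPrevention_SupportPolicy -ne 1)
    }
}

# 2. Per-process state via the ProcessMitigations module (assumed present).
#    Dep.Enable is ON/OFF/NOTSET; NOTSET means the process inherits the policy above.
function Get-DepStatus {
    param([Parameter(Mandatory)][int]$Id)
    $proc = Get-Process -Id $Id -ErrorAction Stop
    $mit  = Get-ProcessMitigation -Id $Id
    [PSCustomObject]@{
        Name             = $proc.ProcessName
        Id               = $Id
        DepEnable        = $mit.Dep.Enable
        EmulateAtlThunks = $mit.Dep.EmulateAtlThunks
    }
}

# Usage: system policy first, then every running process whose DEP is not ON.
Get-SystemDepPolicy
Get-Process | ForEach-Object {
    try { Get-DepStatus -Id $_.Id } catch { <# access denied / exited; skip #> }
} | Where-Object { $_.DepEnable -ne 'ON' } | Format-Table -AutoSize
```

Rows that show DepEnable as OFF or NOTSET on an OptIn/OptOut system are the 32-bit processes the commenters are talking about; the fix on the application side is to link with /NXCOMPAT and call SetProcessDEPPolicy(PROCESS_DEP_ENABLE) early in startup, which makes DEP permanent for the life of the process, and on the host side to set the boot policy to AlwaysOn.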