Comment by Dylan16807
2 days ago
> It's not exploitable.
The article doesn't say it is.
> It's an exploit mitigation, in fact.
The article made that clear.
> It's not a bug; it's intentional that it works this way.
What is "this way"? Trap or jump? If you're saying a jump is supposed to count as a trap, it's a pretty bad one. It still allows a lot of jumps to the padding to continue and execute valuable code.
It says why it jumps over nops in the middle of a function. No explanation for jumping backwards at the end of a function.
And it replaces the nops with int3. Not another jump. This code keeps stacking d4.
Putting instructions that halt execution in unreachable parts of the code would make sense, but this is just a jump with a fixed offset, which may technically still be exploitable.
If trap instructions are not possible, I would at least try to make it an unconditional jump to create an infinite loop.
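The distinction the comment draws (nops, traps, or a fixed-offset jump in function padding) can be checked mechanically. Here is an added example, not code from the article or from the commenter: a small C checker that decodes only the x86-64 encodings that turn up as padding (90 and 0F 1F long nops, int3, ud2, jmp rel8/rel32) and then simulates landing on every byte of the padding, including mid-instruction offsets an attacker could pick, to see whether execution traps, spins in place, or continues into live code. The byte strings below are constructed samples, not compiler output.

```c
/* Added example (not from the article or the commenter): classify bytes left as padding
 * between functions and simulate what happens when control lands on any byte of them.
 * All sample buffers are constructed. Assumes padding regions of at most 256 bytes. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum pad_kind { PAD_NOP, PAD_TRAP, PAD_JMP, PAD_OTHER };
enum pad_outcome { OUT_TRAP, OUT_LOOP, OUT_FALLTHROUGH, OUT_ESCAPE, OUT_UNKNOWN };

struct pad_insn {
    enum pad_kind kind;
    size_t len;      /* encoded length in bytes, prefixes included */
    int64_t target;  /* PAD_JMP only: target as an offset into the buffer */
};

/* Decode the instruction at code[off]. Recognises 90 / 66 90 / 0F 1F r/m (nops), CC (int3),
 * 0F 0B (ud2), EB rel8 and E9 rel32 (jmp). Anything else is PAD_OTHER with length 1. */
static struct pad_insn decode_pad(const uint8_t *code, size_t len, size_t off)
{
    struct pad_insn r = { PAD_OTHER, 1, 0 };
    size_t p = off;
    while (p < len && code[p] == 0x66) p++;               /* operand-size prefixes on long nops */
    if (p >= len) return r;
    uint8_t op = code[p];
    if (op == 0x90) { r.kind = PAD_NOP;  r.len = p + 1 - off; return r; }
    if (op == 0xCC) { r.kind = PAD_TRAP; r.len = p + 1 - off; return r; }
    if (op == 0xEB && p + 1 < len) {                      /* jmp rel8, relative to next insn */
        r.kind = PAD_JMP; r.len = p + 2 - off;
        r.target = (int64_t)(off + r.len) + (int8_t)code[p + 1];
        return r;
    }
    if (op == 0xE9 && p + 4 < len) {                      /* jmp rel32, little-endian */
        uint32_t u = (uint32_t)code[p + 1] | (uint32_t)code[p + 2] << 8 |
                     (uint32_t)code[p + 3] << 16 | (uint32_t)code[p + 4] << 24;
        r.kind = PAD_JMP; r.len = p + 5 - off;
        r.target = (int64_t)(off + r.len) + (int32_t)u;
        return r;
    }
    if (op == 0x0F && p + 1 < len) {
        if (code[p + 1] == 0x0B) { r.kind = PAD_TRAP; r.len = p + 2 - off; return r; }  /* ud2 */
        if (code[p + 1] == 0x1F && p + 2 < len) {         /* nop r/m32: length from ModRM/SIB/disp */
            uint8_t modrm = code[p + 2];
            unsigned mod = modrm >> 6, rm = modrm & 7;
            size_t n = 3;
            if (mod != 3 && rm == 4) n += 1;                          /* SIB byte */
            if (mod == 1) n += 1;                                     /* disp8 */
            else if (mod == 2 || (mod == 0 && rm == 5)) n += 4;       /* disp32 / RIP-relative */
            if (p + n <= len) { r.kind = PAD_NOP; r.len = p + n - off; }
        }
    }
    return r;
}

/* Enter the padding at `entry` and follow nops and jumps until it traps, revisits an offset
 * (spins forever), runs off the end into whatever follows, or jumps outside the buffer. */
static enum pad_outcome run_padding(const uint8_t *code, size_t len, size_t entry, int64_t *escape_to)
{
    uint8_t visited[256] = { 0 };
    if (len > sizeof visited) return OUT_UNKNOWN;
    size_t off = entry;
    for (;;) {
        if (off >= len) return OUT_FALLTHROUGH;           /* continues into the next function */
        if (visited[off]) return OUT_LOOP;
        visited[off] = 1;
        struct pad_insn in = decode_pad(code, len, off);
        if (in.kind == PAD_TRAP) return OUT_TRAP;
        if (in.kind == PAD_OTHER) return OUT_UNKNOWN;     /* a real instruction, not padding */
        if (in.kind == PAD_JMP) {
            if (in.target < 0 || (size_t)in.target > len) {
                if (escape_to) *escape_to = in.target;
                return OUT_ESCAPE;
            }
            off = (size_t)in.target;
        } else {
            off += in.len;
        }
    }
}

/* Entry offsets (mid-instruction ones included) from which execution neither traps nor spins. */
static int unsafe_entries(const uint8_t *code, size_t len)
{
    int n = 0;
    for (size_t e = 0; e < len; e++) {
        enum pad_outcome o = run_padding(code, len, e, NULL);
        if (o != OUT_TRAP && o != OUT_LOOP) n++;
    }
    return n;
}

/* Constructed samples */
static const uint8_t pad_nops[]   = { 0x0F, 0x1F, 0x44, 0x00, 0x00, 0x90 };  /* 5-byte nop, nop */
static const uint8_t pad_int3[]   = { 0xCC, 0xCC, 0xCC, 0xCC };
static const uint8_t pad_self[]   = { 0xEB, 0xFE };                          /* jmp -2: spins */
static const uint8_t pad_skip[]   = { 0xEB, 0x03, 0xCC, 0xCC, 0xCC };        /* jmp over the traps */
static const uint8_t pad_back32[] = { 0xE9, 0xFB, 0xFF, 0xFF, 0xFF };        /* jmp rel32 -5: spins */
static const uint8_t pad_out[]    = { 0xEB, 0x10 };                          /* jmp +16: leaves padding */

int main(void)
{
    static const char *names[] = { "trap", "loop", "fallthrough", "escape", "unknown" };
    const uint8_t *bufs[] = { pad_nops, pad_int3, pad_self, pad_skip, pad_back32, pad_out };
    size_t lens[] = { sizeof pad_nops, sizeof pad_int3, sizeof pad_self,
                      sizeof pad_skip, sizeof pad_back32, sizeof pad_out };
    for (size_t i = 0; i < 6; i++)
        printf("sample %zu: entry 0 -> %s, unsafe entries %d of %zu\n", i,
               names[run_padding(bufs[i], lens[i], 0, NULL)], unsafe_entries(bufs[i], lens[i]), lens[i]);
    return 0;
}
```

The point the simulation makes is the one in the comment: a block of int3 is safe from every entry offset, a self-jump is safe only when entered on the jump's first byte, and a forward jump with a fixed offset simply delivers control past the padding.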