trailofbits/bisc

Investigate using \xC2\xXX\xYY returns

dguido opened this issue · 1 comment

ddz commented

This is a moderate increase in complexity as it requires tracking the amount of stack padding space required by each instruction followed by a return w/ an immediate stack offset. It was a deliberate design philosophy decision to not do this so as to keep the sequences that BISC scans for as simple as possible. These sequences are rare anyway and the offsets can get huge (16-bit offset). It is also rarely necessary to dig this deep for usable instruction sequences.

If someone submits an example of how using these sequences generates a ROP payload against a common DLL that wouldn't have been possible without these sequences, I'll consider it. Otherwise, it is against the design philosophy of BISC.
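As an added illustration of the bookkeeping ddz describes (example code, not BISC's own), this Python scans a constructed byte string for `C3` (`ret`) and `C2 iw` (`ret imm16`) sites and reports how much stack each site consumes, so the extra padding an immediate-offset return imposes is visible; a 32-bit pointer size and byte-granular scanning are assumed.

```python
import struct
from dataclasses import dataclass

RET = 0xC3        # ret: pops the return address only
RET_IMM16 = 0xC2  # ret imm16: pops the return address, then adds imm16 to ESP
PTR_SIZE = 4      # assumption: 32-bit x86 return addresses


@dataclass
class RetSite:
    offset: int          # byte offset of the return opcode in the scanned code
    opcode: int
    imm: int             # immediate stack offset (0 for a plain ret)
    stack_consumed: int  # bytes removed from the stack: return address + imm


def scan_returns(code: bytes, ptr_size: int = PTR_SIZE) -> list[RetSite]:
    """Scan every byte offset (gadget scanners do not respect instruction
    boundaries) and record each plain or immediate-offset return."""
    sites = []
    for i, b in enumerate(code):
        if b == RET:
            sites.append(RetSite(i, b, 0, ptr_size))
        elif b == RET_IMM16 and i + 2 < len(code):
            # C2 iw: the 16-bit immediate follows the opcode, little-endian
            imm = struct.unpack_from("<H", code, i + 1)[0]
            sites.append(RetSite(i, b, imm, ptr_size + imm))
    return sites


def summarize(sites: list[RetSite]) -> dict:
    """Count plain vs. immediate returns and report the largest offset,
    which is what makes ret imm16 sites costly to chain through."""
    imm_sites = [s for s in sites if s.opcode == RET_IMM16]
    return {
        "plain_ret": len(sites) - len(imm_sites),
        "ret_imm16": len(imm_sites),
        "max_imm": max((s.imm for s in imm_sites), default=0),
    }


# Constructed sample: pop ebp; ret | pop esi; pop edi; ret 8 | xor eax,eax; ret 0x4000 | ret
SAMPLE_CODE = (b"\x90\x5d\xc3" + b"\x90\x90\x5e\x5f\xc2\x08\x00"
               + b"\x31\xc0\xc2\x00\x40" + b"\xc3")

if __name__ == "__main__":
    for s in scan_returns(SAMPLE_CODE):
        print(f"offset {s.offset:#06x}: opcode {s.opcode:#04x} imm={s.imm:#x} "
              f"consumes {s.stack_consumed} stack bytes")
    print(summarize(scan_returns(SAMPLE_CODE)))
```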