this week I suggest this amazing reading on “Return Oriented Programming” by 6 researchers from Princeton University, University of California @ San Diego and University of Michigan.
The researchers used a clever trick to achieve this. In the existing code, they searched for short code sequences that end in a RET instruction. The RET instructions retrieves an address from the stack and jumps to this address. Using an ingeniously crafted stack consisting of the addresses of suitable code snippets, the researchers can recreate almost arbitrary programs. They created the required stack with a conventional buffer overflow in the existing program code. The program’s next RET instruction consequently triggers a series of RETs which eventually executes the code that manipulates the election result according to the attackers wishes. The researchers have called their ingenious exploit technique “Return-oriented Programming”.