You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
@@ -157,15 +157,15 @@ Here’s how the program operates once the exception handler is set up, the EDR
1. Hooked Function Execution: When a hooked function is called, the trampoline executes, redirecting the execution flow to the EDR DLL:
- Hooked Function Execution: When a hooked function is called, the trampoline executes, redirecting the execution flow to the EDR DLL:
2. Triggered Exception: An exception is raised as this memory region is marked as non-executable:
- Triggered Exception: An exception is raised as this memory region is marked as non-executable:
3. Exception Handling and ROP: The exception handler manages the exception and performs the necessary ROP to the ret gadget. This process is repeated as many times as needed until the program successfully completes the call to the hooked function.
- Exception Handling and ROP: The exception handler manages the exception and performs the necessary ROP to the ret gadget. This process is repeated as many times as needed until the program successfully completes the call to the hooked function.
