This paper introduces yet another function to defeat Windows DEP. It is
assumed that the reader is already familiar with buffer overflows on x86,
and has a basic understanding of the DEP protection mechanism. The technique
discussed in this paper is aimed at Windows XP, however, it should also work
on other Windows versions given that the attacker has some way to find the
address of the DLL, such as through a memory disclosure, etc. This paper
does not address the issue of ASLR, rather it recognizes ASLR as a
completely separate problem. The method described here is not conceptually
groundbreaking, and is ultimately only as impressive as any other ret-2-lib
technique.