Register spring

From Wikipedia, the free encyclopedia

In computer security, a register spring is a sort of trampoline. It is a bogus return pointer or Structured Exception Handling (SEH) pointer which an exploit places on the call stack, directing control flow to existing code (within a dynamic-link library (DLL) or the static program binary). This target code in turn consists of a call or jump such as "CALL EBX" or "JMP ESP", where the appropriate processor register was previously prepared by the exploit to point to where the payload code begins.
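A defensive triage check built on the description above, as an added example that is not from the article or the cited paper: it classifies a 32-bit value recovered from a crashed process's stack by whether it lands on a register-indirect `CALL`/`JMP` inside a module image instead of on a normal return site. The module bytes, base address and all function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Constructed sample "module" image, assumed loaded at SAMPLE_BASE. */
#define SAMPLE_BASE 0x10000000u
static const uint8_t SAMPLE[] = {
    0xE8, 0x00, 0x00, 0x00, 0x00, /* +0  call rel32           */
    0x90,                         /* +5  nop  (a return site) */
    0xFF, 0xE4,                   /* +6  jmp esp              */
    0x5B,                         /* +8  pop ebx              */
    0xFF, 0xD3,                   /* +9  call ebx             */
    0xC3                          /* +11 ret  (a return site) */
};
typedef enum { PTR_OUTSIDE, PTR_RETURN_SITE, PTR_REGISTER_SPRING, PTR_OTHER } ptr_class;

/* FF with ModRM mod=11 is a branch through a bare register:
 * reg field 2 = CALL reg (returns 1), 4 = JMP reg (returns 2), else 0. */
int reg_branch_kind(const uint8_t *code, size_t len, size_t off) {
    if (off >= len || len - off < 2 || code[off] != 0xFF) return 0;
    uint8_t modrm = code[off + 1];
    if ((modrm & 0xC0) != 0xC0) return 0;   /* memory operand, not a register */
    uint8_t op = (modrm >> 3) & 7;
    return op == 2 ? 1 : op == 4 ? 2 : 0;
}

/* A genuine return address directly follows a CALL. Only two common
 * encodings are checked here: E8 rel32 (5 bytes) and FF /2 reg (2 bytes). */
int follows_call(const uint8_t *code, size_t len, size_t off) {
    if (off >= 5 && code[off - 5] == 0xE8) return 1;
    return off >= 2 && reg_branch_kind(code, len, off - 2) == 1;
}

/* Heuristic triage of one stack slot value against one module image. */
ptr_class classify_slot(uint32_t value, uint32_t base, const uint8_t *code, size_t len) {
    if (value < base || value - base >= len) return PTR_OUTSIDE;
    size_t off = value - base;
    if (follows_call(code, len, off)) return PTR_RETURN_SITE;
    if (reg_branch_kind(code, len, off)) return PTR_REGISTER_SPRING;
    return PTR_OTHER;
}

int main(void) {
    static const char *names[] = { "outside", "return-site", "REGISTER-SPRING", "other" };
    uint32_t slots[] = { 0x0012FF00u, SAMPLE_BASE + 5, SAMPLE_BASE + 6, SAMPLE_BASE + 9 }; /* constructed */
    for (size_t i = 0; i < sizeof slots / sizeof slots[0]; i++)
        printf("%08X %s\n", (unsigned)slots[i],
               names[classify_slot(slots[i], SAMPLE_BASE, SAMPLE, sizeof SAMPLE)]);
    return 0;
}
```

The return-site test runs first because a legitimate return address can itself land on a `CALL reg` that follows another call; the result is a triage hint, not proof of exploitation.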

Sources

  • Crandall, Jedidiah R.; Wu, S. Felix; Chong, Frederic T. (2005). "Experiences Using Minos as a Tool for Capturing and Analyzing Novel Worms for Unknown Vulnerabilities". In Julisch, Klaus; Krügel, Christopher (eds.). Proceedings of the Second International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA 2005), Vienna, Austria, July 7-8, 2005 (PDF). Lecture Notes in Computer Science (LNCS). Vol. 3548. Springer. pp. 32–50. ISBN 3-540-26613-5. Retrieved 2012-04-19.