Register spring
Appearance
In computer security, a register spring is a sort of trampoline. It is a bogus return pointer or Structured Exception Handling (SEH) pointer which an exploit places on the call stack, directing control flow to existing code (within a dynamic-link library (DLL) or the static program binary). This target code in turn consists of a call or jump such as "CALL EBX" or "JMP ESP", where the appropriate processor register was previously prepared by the exploit to point to where the payload code begins.
Sources
[edit]- Crandall, Jedidiah R.; Wu, S. Felix; Chong, Frederic T. (2005). "Experiences Using Minos as a Tool for Capturing and Analyzing Novel Worms for Unknown Vulnerabilities". In Julisch, Klaus; Krügel, Christopher (eds.). Proceedings of the Second International Conference on Detection of Intrusions and Malware, and Vulnerability Assessment (DIMVA 2005), Vienna, Austria, July 7-8, 2005 (PDF). Lecture Notes in Computer Science (LNCS). Vol. 3548. Springer. pp. 32–50. ISBN 3-540-26613-5. Retrieved 2012-04-19.