偶不懂,就要多学习,呵呵

http://taossa.com/archive/bh08sotirovdowd.pdf

Over  the  past  several  years,  Microsoft  has  implemented  a  number  of  memory  protection mechanisms  with  the  goal  of  preventing  the  reliable  exploitation  of  common  software vulnerabilities on the Windows platform. Protection mechanisms such as GS, SafeSEH, DEP and ASLR  complicate  the  exploitation  of many memory  corruption  vulnerabilities  and  at  first  sight
present an insurmountable obstacle for exploit developers.
In this paper we will discuss the limitations of all aforementioned protection mechanisms and will describe  the  cases  in  which  they  fail.  We  aim  to  show  that  the  protection  mechanisms  in Windows Vista are particularly  ineffective  for preventing  the exploitation of memory  corruption
vulnerabilities  in browsers.  This will be demonstrated with  a  variety  of  exploitation  techniques that can be used to bypass the protections and achieve reliable remote code execution in many
different circumstances.