As part of a personal project I'm working on a ROP chain, and was looking for a gadget like so; pop ecx; pop eax;, being an imperfect world I found the below two, and was wondering if jmp ecx would mess up my ROP? Alternatively I can use pop ecx; add al, 0xf6; ret;, however, I suspect it would be harder to deal with add vs jmp.
pop eax; ret;
pop ecx; jmp ecx;
For a bit more context I want; pop ecx; ret; to put the first part of my string in ecx and pop eax; ret; to get the memory address to write too into eax register.
Would apriciate any insight you could provide?
Update:
Changed ecx register to esi as i had better gadgets.
与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
