The Basics of Exploit Development 4: Unicode Overflows

Introduction<\/h2>\r\n\r\n

If you have read the previous articles in this series, welcome back and keep reading. If not, I would encourage you to read those first before proceeding, as this article builds on concepts laid down in the previous installments<\/a>. In this article, we will be covering a technique similar to the one in the second installment<\/a> of this series but with the twist of the character encoding of the input being in Unicode. In order to demonstrate how to get around this impediment, we will be writing parts of the payload and doing some stack realignment manually.<\/p>\r\n\r\n

Setup<\/h2>\r\n\r\n

This guide was written to run on a fresh install of Windows 10 Pro (either 32-bit or 64-bit should be fine) and as such you should follow along inside a Windows 10 virtual machine. This vulnerability has also been tested on Windows 7, however, the offsets in this article are the ones from the Windows 10 machine and subsequently may differ on your Windows 7 installation. The steps to recreate the exploit are exactly the same.
\r\n
\r\nYou will need a copy of X64dbg which can be downloaded from