Theo de Raadt writes:

> This is a bit different than polymorphism (which is interpreting
> variable-sized instruction sequences at alternative offsets), but it is
> worse (data tables placed into code without giving a shit about the
> bytes in the data tables having meaning as instructions)
Is there a ROP gadget scanner that could identify byte sequences that are useful to ROP attacks in general, beyond just the specific individual byte 0xc3? Then one could set a goal of reducing the extent to which any such byte sequence appears in code segments, both by not including them in data tables like this, and conceivably by having compilers try not to emit them in code.
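As an added illustration of the kind of measurement the question asks for (not code from this thread or from OpenBSD), the following byte-level scanner counts gadget terminators in an x86 code image. It scans raw bytes rather than decoded instructions, since on x86 an attacker can enter the instruction stream at any byte offset, which is exactly why a data table in .text matters. The opcode set is a deliberately small subset (ret variants, syscall, int 0x80, and the `FF /2` and `FF /4` indirect call/jmp forms), and the function bytes and lookup table are constructed for the example, not taken from any real binary. The comparison models "move the table to .rodata" by scanning the function bytes alone.

```python
"""Byte-level scan of an x86 code image for ROP/JOP gadget terminators.

Added illustration, not code from the thread or from OpenBSD.  The opcode
tables below are a small subset, enough to show the metric.
"""
from dataclasses import dataclass, field
from typing import Optional, Tuple

# Single-byte return opcodes (any of these ends a classic ROP gadget).
RET_OPCODES = {0xC3: "ret", 0xC2: "ret imm16", 0xCB: "retf", 0xCA: "retf imm16"}
# Two-byte sequences that end syscall-style gadgets.
TWO_BYTE = {b"\x0f\x05": "syscall", b"\xcd\x80": "int 0x80"}


@dataclass
class GadgetReport:
    size: int
    hits: dict = field(default_factory=dict)  # byte offset -> mnemonic

    def count(self, mnemonic: Optional[str] = None) -> int:
        """Number of terminator hits, optionally restricted to one mnemonic."""
        if mnemonic is None:
            return len(self.hits)
        return sum(1 for m in self.hits.values() if m == mnemonic)

    def density_per_kib(self) -> float:
        """Hits per KiB of code: a rough figure to drive down over time."""
        return len(self.hits) * 1024 / self.size if self.size else 0.0


def scan_terminators(code: bytes) -> GadgetReport:
    """Record every offset whose bytes decode to a gadget terminator.

    Intended instructions, bytes inside immediates, and embedded data
    tables are all counted alike; unaligned entry is the whole point.
    """
    report = GadgetReport(size=len(code))
    for off, b in enumerate(code):
        if b in RET_OPCODES:
            report.hits[off] = RET_OPCODES[b]
        elif off + 1 < len(code):
            pair = code[off:off + 2]
            if pair in TWO_BYTE:
                report.hits[off] = TWO_BYTE[pair]
            elif b == 0xFF:
                # FF /2 = call r/m, FF /4 = jmp r/m; the ModRM reg field decides.
                reg = (code[off + 1] >> 3) & 7
                if reg == 2:
                    report.hits[off] = "call r/m"
                elif reg == 4:
                    report.hits[off] = "jmp r/m"
    return report


# Constructed sample: a tiny function with exactly one intended return.
FUNC = bytes([
    0x55,              # push %rbp
    0x48, 0x89, 0xE5,  # mov  %rsp,%rbp
    0x31, 0xC0,        # xor  %eax,%eax
    0x5D,              # pop  %rbp
    0xC3,              # ret  (the one return the compiler meant to emit)
])
# Constructed 16-byte lookup table.  Placed in .text, its values happen to
# spell ret, ret imm16, jmp *%rax, syscall, retf and int $0x80.
TABLE = bytes([0x00, 0x10, 0xC3, 0x7F, 0xC2, 0x01, 0xFF, 0xE0,
               0x0F, 0x05, 0x33, 0xCB, 0x80, 0xCD, 0x80, 0x44])


def compare_layouts() -> Tuple[int, int]:
    """Terminator count with the table in .text vs. moved out of it.

    Relocating the table to a non-executable section is modelled by
    scanning the function bytes alone.
    """
    with_table = scan_terminators(FUNC + TABLE).count()
    without_table = scan_terminators(FUNC).count()
    return with_table, without_table  # → (7, 1)


if __name__ == "__main__":
    rep = scan_terminators(FUNC + TABLE)
    for off, mnem in sorted(rep.hits.items()):
        print(f"{off:#06x}  {mnem}")
    print(f"{rep.count()} terminators, {rep.density_per_kib():.0f} per KiB")
    print("function alone:", scan_terminators(FUNC).count())
```

Run against a real `.text` section (for example, the bytes of the executable segment pulled out of an ELF with `pyelftools`), the same scan gives a baseline density that a compiler or linker change can then be measured against; the table-in-code case shows how a handful of data bytes can multiply the count for a function that only ever needed one `ret`.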