You get the idea right! We are going to enumerate all the ROP-Gadgets and then chain them together to craft our API call which will in turn disable DEP and allow us to execute our second stage payload.
Reference: http://www.fuzzysecurity.com/tutorials/expDev/7.html
ROP exploitation proceeds in two stages: first, disable DEP; then, in the second stage, execute the shellcode as normal.
Original article: http://www.cnblogs.com/long123king/p/3835673.html