IT Services Circle
Jul 15, 2024 · Fundamentals
Understanding Stack Pointer Corruption When Mixing RSP and ESP in 64‑bit Windows: A Reverse‑Engineering Case Study
The article analyzes a crash that occurs on Windows 10 when a 64‑bit program mixes RSP and ESP instructions, explains how writing to the 32‑bit ESP register zero‑extends the upper 32 bits of RSP, and shows how this stack‑pointer mismatch leads to an access‑violation error that does not appear on Windows 7.
Reverse EngineeringWindowsassembly
0 likes · 6 min read