A method to bypass NX by using JIT Compilation memory space (which is executable and writeable).
Process
- Make constants in code that will be JITed (e.g. var evil = "%90%90%90%90%90%90"). The JIT engine will mprotect(PROT_WRITE), compile the code into memory, then mprotect(PROT_EXEC); the constant is now present in executable memory.
- Use a vulnerability to redirect execution into the constant.
Example

JIT Spray Bypass ASLR
Compile a lot of copies of the same code, then hope you get lucky and the jmp lands in one of them.
