I am new to SEH-based exploits.
Why didn't we put our return address directly in the SE handler to jump to our shellcode (with no SafeSEH)?
Can't anybody explain the reason for using pop pop ret?
I read something that said SEH bypasses ASLR and DEP, but how?
Our shellcode will finally be located on the stack, and the stack will still be non-executable, so how is DEP bypassed?