• While much of public vulnerability research focuses on pure 32-bit app exploitation,
the fact is, a significant portion of 32-bit software is now running on 64-bit operating
• In this report, we’ll demonstrate a technique to bypass all payload/shellcode
execution and ROP-related mitigations provided by EMET using the WoW64
compatibility layer provided in 64-bit Windows editions.
• To demonstrate how we can bypass EMET by abusing WoW64, we’ll modify an
existing use-after-free Adobe Flash exploit.
• We’ll also discuss limitations and avenues of exploitation, obfuscation, and anti-emulation
imposed by WoW64 on 32-bit applications.