18 May
2009
18 May
'09
5:27 p.m.
The problem is that we're going to need a way to *not* hardcode it. 4M is too low because some payloads will run right over it.
In the vm86 mode we put esp at 0xfffc -- i.e. top of page 0. I wonder if we should always have it there. The biggest stack user we have is lzma at around 2kB, but lzma doesn't run until the very end.
ron