Crafting a Full Exploit RCE from a Crash in Autodesk Revit RFA File Parsing
ID: 37cd605d-bc91-56b9-8cb1-0cdc73a00efa
STIX ID: report--37cd605d-bc91-56b9-8cb1-0cdc73a00efa
Feed Name: Zero Day Initiative (ZDI) Blog
This report documents an exploit development technique that achieves a 64-bit stack pivot and ROP execution on Windows 10/11 by abusing a destructor loop and GDI calls in the target program. The author uses a sequence of gadgets (push rax; pop rbp; ret, followed by leave) and a loop-based “weird machine” to transfer a heap-derived value into rsp, which enables a conventional ROP chain and arbitrary code execution.
