This whitepaper covers a new technique that utilizes DLL injection to inject a custom DLL into a running vulnerable process to add a POP POP RET sequence in the scenario that the vulnerable program does not include any null byte free sequences. This is a useful technique to exploit SEH buffer overflow attacks successfully.
You can download it from the following link: https://packetstormsecurity.com/files/download/155757/bypassing-nullbyte.pdf
Source: https://packetstormsecurity.com/files/155757/Bypassing-A-Null-Byte-POP-POP-RET-Sequence.html