Re: Getting Base Address using the Structured Exception Handler

From: Nexus (nexus_at_patrol.i-way.co.uk)
Date: 06/26/03

  • Next message: Gerardo Richarte: "Re: Getting Base Address using the Structured Exception Handler"
    To: <dave@immunitysec.com>, "Nobody Mind" <cod3po3t@yahoo.com>
    Date: Thu, 26 Jun 2003 08:44:55 +0100
    
    

    ----- Original Message -----
    From: <dave@immunitysec.com>
    To: "Nobody Mind" <cod3po3t@yahoo.com>
    Cc: <vuln-dev@securityfocus.com>
    Sent: Wednesday, June 25, 2003 10:28 PM
    Subject: Re: Getting Base Address using the Structured Exception Handler

    [snip]

    > If you're looking for links to shellcode that does this, look for a
    > chunked asp heap overflow exploit written by the chinese...a lot of
    > chinese shellcode does (and has done for years) this trick. Most likely
    [snip]

    A [shellcode only] example of this can be seen here:
    http://www.darklab.org/archive/msg00183.html

    A couple of useful links that give an overview of the SEH itself:
    http://www.jorgon.freeserve.co.uk/ExceptFrame.htm
    http://www.microsoft.com/msj/0197/Exception/Exception.aspx

    FWIW, you may want to hunt around some VX source as the VX folks have been
    doing this for ummmm... ages ;-)
    http://29a.host.sk/ezine.html is probably a good start.

    Cheers,
                JJ


  • Next message: Gerardo Richarte: "Re: Getting Base Address using the Structured Exception Handler"