Re: Some help With BOF Exploits Writing. - EAX ?!
From: master of chaos - lord of mean (losTrace_at_gmx.de)
Date: 07/31/03
- Previous message: Michael Wojcik: "RE: Password Cracking Challenge..."
- In reply to: optikool_at_psyfreakz.org: "Re: Some help With BOF Exploits Writing. - EAX ?!"
To: vuln-dev@securityfocus.com
Date: Thu, 31 Jul 2003 20:40:43 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
only changing registers does not make a lot of sense.
the thing is:
registers can be thought of as variables. you use them to store data.
IF your program uses EAX as a function-pointer, thus doing a jmp EAX,
or it stores EAX in some location used for function-pointers, then storing
your shellcode-address there would mean that you overwrite the function-
pointer with a pointer to your code. when the jmp or call is done, your
code will be executed.
now if it does not, just check what EAX is used for and check if you can't
use it in another way, e.g. an integer-overflow or whatever.
you should also check the vuln-dev-challenges. they occurred some weeks
ago. check out the archives of vuln-dev.
BTW: you should read some basic assembly-books ;)
- -
This is a .signature-virus. If you see this, copy it into your .signature!
If you don't know what a .signature is, you've most probably been infected
by another virus of name Microsoft. In this case, please remove yourself
from my fov or infect yourself with linux ;) || GPG public key available
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE/KWNfWCFHEwXrEHMRAmePAJ43HaFpxKcfz7iyMRv8EllZsFLsBACgjpeM
/QMe/li+Tjdtoljdwl76zUY=
=VS+q
-----END PGP SIGNATURE-----
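
The function-pointer case described in the message above, as an added example that is not part of the original post: a length-trusting copy into a buffer that sits next to a function pointer changes that pointer, while a bounded copy leaves it alone. The names `struct session`, `greet`, `set_name_unsafe`, `set_name_checked` and `handler_intact` are hypothetical, the input is constructed, and the overrun is modelled as a byte copy that stays inside the struct so the program is well-defined C.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical record: a fixed buffer directly followed by a function pointer. */
struct session {
    char name[16];
    void (*handler)(void);
};

static void greet(void) {}

/* Unsafe: trusts len. Modelled as a byte copy over the whole object so the
 * overrun stays inside the struct and the demo itself is well-defined. */
static void set_name_unsafe(struct session *s, const void *src, size_t len) {
    if (len > sizeof *s) len = sizeof *s;   /* keep the demo in bounds */
    memcpy((unsigned char *)s, src, len);
}

/* Hardened: reject anything that does not fit in name, always terminate. */
static int set_name_checked(struct session *s, const void *src, size_t len) {
    if (len >= sizeof s->name) return -1;
    memcpy(s->name, src, len);
    s->name[len] = '\0';
    return 0;
}

/* Check made before any indirect call: is the pointer still the known handler?
 * Compared bytewise so a clobbered value is never used as a pointer. */
static int handler_intact(const struct session *s) {
    void (*expected)(void) = greet;
    return memcmp(&s->handler, &expected, sizeof expected) == 0;
}

/* Returns 1 if the copy changed the function pointer, 0 otherwise. */
static int demo(int use_checked) {
    struct session s = { "", greet };
    unsigned char input[sizeof s];          /* constructed input, all 'A' */
    memset(input, 'A', sizeof input);
    if (use_checked)
        (void)set_name_checked(&s, input, sizeof input);
    else
        set_name_unsafe(&s, input, sizeof input);
    return !handler_intact(&s);
}

int main(void) {
    return (demo(0) == 1 && demo(1) == 0) ? 0 : 1;
}
```
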