Re: Win32 Shellcode question.
From: sk (sk_at_scan-associates.net)
Date: 11/29/03
- In reply to: Vinay A. Maha***: "Win32 Shellcode question."
Date: Sun, 30 Nov 2003 03:35:07 +0800
To: "Vinay A. Maha***" <devnull001@fastmail.fm>, vuln-dev@securityfocus.com, pentest@yahoogroups.com

> After the overflow, I can step through the NOP sled, and reach the above
> payload - meaning I have control over the CPU's exec path, and can make
> it execute my payload. However, I keep getting an "Access Violation"
> writing location.. error inside the "call eax" that corresponds with
> LoadLibrary("msvcrt").

It looks to me like you should adjust the ESP first. If the ESP is
just below your code, you may end up overwriting your own shellcode. Or if
it is too near the beginning of a page, you won't get enough stack to work
with. Adjusting ESP may help to fix the problem.

sk