Date: Tue Dec 27 15:19:16 2005
From: sanchez at osha.eu.int (Jose Ignacio Sanchez)
Subject: win32 exploit development - weirdness??

It is possible that the return address to your shellcode changes when the
debugger is not attached.

So you are jumping to another place and the program crashes.

... just an idea... :)

BR

Topo[LB]
  -----Original Message-----
  From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk]On Behalf Of RaMatkal
  Sent: Tuesday, 27 December 2005 13:55
  To: full-disclosure@...ts.grok.org.uk
  Subject: [Full-disclosure] win32 exploit development - weirdness??


  having one of those days....I'm about ready to put my foot through my
computer....

  writing stack overflow on win32 arc...

  I overflow eip with a pop/pop/ret, jump to my bind shellcode and I'm
away.....all works perfectly but....

  when I attach to the process with my debugger and step through the
exploit, it works 100% of the time....however, when I try and exploit the
server without the debugger attached, the service just seems to crash.....

  anyone have any idea what could cause this sort of behaviour?
  anyone have an idea how I can take a look at what is going wrong?
remember, when I attach my debugger it works!!!

  Thanks in advance,
  RaMatkal