lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <Pine.LNX.4.44.0411101112370.27973-100000@canuck.gen.nz> Date: Wed, 10 Nov 2004 11:19:08 -0800 (PST) From: "J. S. Connell" <ankh@...uck.gen.nz> To: bugtraq@...urityfocus.com Subject: Re: BoF in Windows 2000: ddeshare.exe On Tue, 9 Nov 2004 Valdis.Kletnieks@...edu wrote: > Ah, but what if the 2 trailing B's are replaced by 2 Unicode chars that > together take up 4 bytes? ;) Or we can realize that in Windows NT, XP, and above, all "characters" are two-byte-wide UNICODE characters, and that we're not seeing "[NULs] inserted between characters" but simply UNICODE characters with very low ordinals. It's probably worth pointing out that a large fraction of the 16-bit UNICODE space is taken up with Chinese, Japanese, and Korean characters. In fact, UNICODE codepoint 0x9090 happens to be the Chinese character for [li3], "winding" or "meandering". Chinese poetry shellcode, anybody? --Jeffrey
Powered by blists - more mailing lists