lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20050319061151.1451.qmail@www.securityfocus.com>
Date: 19 Mar 2005 06:11:51 -0000
From: ATmaCA ATmaCA <atmaca@...acasoft.com>
To: bugtraq@...urityfocus.com
Subject: OllyDbg long process Module debug Vulnerability




Vendor:
Oleh Yuschuk

Application: 
OllyDbg
http://home.t-online.de/home/Ollydbg/

Introduction:
OllyDbg is a 32-bit assembler level analysing debugger for Microsoft® Windows®.
Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable.

Affected Versions:
1.10 (final version) and prior versions.

Overview:
In OllyDbg, if a target process loads modules that contains long name 
(greater than around 200 bytes), OllyDbg will be crashed.

This hole can be used for an anti-debug method for OllyDbg.


Vendor Status:
No vendor response.

Discovery: 
ATmaCA 
atmaca@...acasoft.com
www.atmacasoft.com
www.spyinstructors.com
Credit to Kozan

POC:
Debug this program with OllyDbg,
when the program runs, a folder that named "olly hole" will be 
created on desktop and a long named dll will be created in 
this folder.  then it will load this and finally
olly debug will be crashed.

http://www.atmacasoft.com/exp/OllyHole.exe

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ