[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <042001c60af8$775b09e0$0e8da8c0@agency.dom>
Date: Tue Dec 27 15:19:16 2005
From: sanchez at osha.eu.int (Jose Ignacio Sanchez)
Subject: win32 exploit development - weirdness??
It is possible that the return address to your shellcode changes when the
debugger is not attached.
So you are jumping to another place and the program crashes.
... just an idea... :)
BR
Topo[LB]
-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk]On Behalf Of RaMatkal
Sent: martes, 27 de diciembre de 2005 13:55
To: full-disclosure@...ts.grok.org.uk
Subject: [Full-disclosure] win32 exploit development - weirdness??
having one of those days....im about ready to put my foot through my
computer....
writing stack overflow on win32 arc...
i overflow eip with a pop/pop/ret, jump to my bind shellcode and im
away.....all works perfectly but....
when i attach to the process with my debugger and step through the
exploit, it works 100% of the time....however, when i try and exploit the
server without the debugger attached, the service just seems to crash.....
anyone have any idea what could cause this sort of behaviour?
anyone have an idea how i can take a look at what is going wrong?
remember, when i attach my debugger it works!!!
Thanks in advance,
RaMatkal
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20051227/6603e59f/attachment.html
Powered by blists - more mailing lists