lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue Jan 3 13:28:01 2006 From: ad at heapoverflow.com (ad@...poverflow.com) Subject: Win32 Heap Exploits -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 or this is because the bug he's working on has already been discovered & patched by an exception throwing the control to an handler, for example , you will notice exactly the same thing for the WINS bug discovered by n.waisman, if you are trying to exploit it yet on a patched ms box within ollydbg , you will be able to congrats because the debugger is able to handle the exception apart of the program , but without of course it's not possible, wins.exe throw us to another point, so anyway I bet the bug you are working on has been already discovered and patched. Nicolas RUFF wrote: >> But if i execute the server without ollydbg there happen nothing. >> Have anybody an idea what i make wrong. Test on a winxp sp1 >> system. > > As pointed out multiple times, Windows heap is not the same whether > the program is flagged as "being debugged" or not. > > You should always *attach* the debugger to the process and not run > the process from within the debugger. > > Regards, - Nicolas RUFF > _______________________________________________ Full-Disclosure - > We believe in it. Charter: > http://lists.grok.org.uk/full-disclosure-charter.html Hosted and > sponsored by Secunia - http://secunia.com/ > > > > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) iQIVAwUBQ7p7xa+LRXunxpxfAQJG2g/8DC+lPUQePKeSlFtA/APHtvijX90GG98c d5csM329v8CUOYpFUes88Mixtg1EOv2omb4Tkk6dFBtU2oIDJ1QxD0P1x3JUW6Op 9rUhcpeLcZmxLpe4VU8izL5szJlfyiOnxPlH8TznCF5AX2svxwqfFcNTQritgC61 C6C6rLzxOg+qJteKChwIn4Y0zPEpYpqLqkXDoqCSrrWmwfD3sFVkUmor4GfE6vnl T2tkJDViBq7vlKXpZs63Sr+9/J7UpB48CiugxZj08V37lxYlgXOuxV4agXwIcwFj 8CFV5GvmUi6N+u2LdFlFFaSzHT6GWPWyavtg4P0ND/0dgrYHPIwzMhR65VHdiWLT vczI/6Fwi2OQjRfZXWKviWSpACb1qizNXTuobp0FzS9Nio7NKNrWEzIVFwdT6O+A V56a6h8g5JoomSHkLJXTU6MWC5/TREJ6zh4kPr6dUYUdSrqJISKxN9ssorK7khik jqlM/olO5brruQBb+ytPt4MmW0vRFhZocHlMlWAGb1dClLaInvNawZ6rDgCIXdxj Q/tGK0jozgcDroaG2/DG7dhHndYROa9A0UFnJHlSfKX68hkwMbjpHsZVDRZ27QJF ATXMEm0S2vfWaUDRbtS7Dgs5fea8+RVM0+5uHNqrbEQlKQq4LhB58pVkWW8k2vDg GQ1BljBy3II= =CQ2k -----END PGP SIGNATURE-----
Powered by blists - more mailing lists