Open Source and information security mailing list archives
 
Message-ID: <20060330073540.3391.qmail@web38613.mail.mud.yahoo.com>
Date: Thu Mar 30 08:35:50 2006
From: ahmadtauqeer at yahoo.com (Tauqeer Ahmad)
Subject: What is the crap before SEH?

Hello list,
   
  While dissecting the Bluecoat WinProxy long header vulnerability and the HD Moore exploit for it, I found in the stack dump a pointer just before SEH. This pointer is said to be "the pointer to next SEH structure". But when I changed a single byte of that pointer the exploit didn't work, although to my knowledge it should have worked, since it's SEH which points to POP POP RET and the control transfers to our shellcode lying after SEH. I will appreciate a reply clearing up where that pointer before SEH points to. Is that pointer overwritten with the same address that was there before the overflow?
   
  It will sound naive to those who already know this concept, yet I will appreciate help from those guys in clarifying it. I also know some guys will come up with flames, as it's the hacking culture to flame others who know less than them. But I can remember the days when I used to wonder how they break into systems, and I often got flamed for asking a question. Yet I have come this far by not lending an ear to their flames and by continuing to learn. So a flame will not work, of course :P
   
  Thanks in advance,
   
   
   
   

		