Re: hardcoded windows exploits

[paceflow () HOTMAIL COM (Jeremy Kothe)]

> Well, IMO using such a routine is not necessary for something like a buffer
> overflow in a Ring3-Program under NT. In the win32 environment, all your
> applications that reside in the pageable memory pool (ALL User-Mode Apps)
> will always be loaded at a fixed base address. In that scenario, you can
> just as well use hard-coded addresses, namely those of the functions in the
> PE-Header of the exploited program.

This is fine IF the target .EXE or .DLL contains the functions you are
looking for, AND if you don't mind re-coding (or re-adjusting) the exploit
for each new overflow - with this method, you can write any exploit
algorithm you choose - use URLDownloadToCacheFileA or winsock as per your
preference, and it will work with ANY overflow situation.

______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com