Bugtraq mailing list archives
Re: hardcoded windows exploits
From: paceflow () HOTMAIL COM (Jeremy Kothe)
Date: Wed, 17 Nov 1999 14:10:16 PST
Well, IMO using such a routine is not necessary for something like a buffer overflow in a Ring3-Program under NT. In the win32 environment, all your applications that reside in the pageable memory pool (ALL User-Mode Apps) will always be loaded at a fixed base address. In that scenario, you can just as well use hard-coded addresses, namely those of the functions in the PE-Header of the exploited program.
This is fine IF the target .EXE or .DLL contains the functions you are looking for, AND if you don't mind re-coding (or re-adjusting) the exploit for each new overflow - with this method, you can write any exploit algorithm you choose - use URLDownloadToCacheFileA or winsock as per your preference, and it will work with ANY overflow situation.

______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com
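The exchange above turns on one fact of the PE format: the preferred load address (ImageBase) and the export RVAs are stored in the module's headers, so without relocation every exported function lands at ImageBase + RVA in every process. The parser below, an added example and not code from either poster, reads exactly those fields and also illustrates the reply's caveat: the address only exists if the module actually exports the function, and it changes with every build that moves ImageBase or the RVA. The sample DLL image, the names `sample.dll`, `Alpha` and `Beta`, and the function RVAs are constructed here purely for the demonstration; forwarded exports and ordinal-only exports are not handled.

```python
"""Read ImageBase and the export table of a PE image to show how a fixed
base address turns into a fixed per-function address (added example; the
sample module built by build_sample_pe is constructed, not a real DLL)."""
import struct

IMAGE_DIRECTORY_ENTRY_EXPORT = 0


def _sections(data, nt):
    """Return (virtual_address, size, raw_pointer) for every section header."""
    num_sections, = struct.unpack_from("<H", data, nt + 6)
    opt_size, = struct.unpack_from("<H", data, nt + 20)
    first = nt + 24 + opt_size          # section table follows the optional header
    out = []
    for i in range(num_sections):
        hdr = first + 40 * i
        vsize, va, rawsize, rawptr = struct.unpack_from("<IIII", data, hdr + 8)
        out.append((va, max(vsize, rawsize), rawptr))
    return out


def _rva_to_offset(sections, rva):
    """Translate an RVA into a file offset via the section table."""
    for va, size, rawptr in sections:
        if va <= rva < va + size:
            return rawptr + (rva - va)
    raise ValueError("RVA 0x%x is not inside any section" % rva)


def _cstring(data, off):
    return data[off:data.index(b"\0", off)].decode("ascii")


def parse_exports(data):
    """Return (image_base, {export_name: image_base + function_rva})."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    nt, = struct.unpack_from("<I", data, 0x3C)            # e_lfanew
    if data[nt:nt + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = nt + 24                                          # optional header
    magic, = struct.unpack_from("<H", data, opt)
    if magic == 0x10B:                                     # PE32
        image_base, = struct.unpack_from("<I", data, opt + 28)
        dirs = opt + 96
    elif magic == 0x20B:                                   # PE32+
        image_base, = struct.unpack_from("<Q", data, opt + 24)
        dirs = opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    export_rva, _size = struct.unpack_from("<II", data, dirs + 8 * IMAGE_DIRECTORY_ENTRY_EXPORT)
    if export_rva == 0:
        return image_base, {}                              # module exports nothing
    sections = _sections(data, nt)
    ed = _rva_to_offset(sections, export_rva)
    # IMAGE_EXPORT_DIRECTORY: NumberOfFunctions, NumberOfNames, AddressOfFunctions,
    # AddressOfNames, AddressOfNameOrdinals start at offset 20
    _nf, n_names, funcs_rva, names_rva, ords_rva = struct.unpack_from("<IIIII", data, ed + 20)
    exports = {}
    for i in range(n_names):
        name_rva, = struct.unpack_from("<I", data, _rva_to_offset(sections, names_rva) + 4 * i)
        ordinal, = struct.unpack_from("<H", data, _rva_to_offset(sections, ords_rva) + 2 * i)
        func_rva, = struct.unpack_from("<I", data, _rva_to_offset(sections, funcs_rva) + 4 * ordinal)
        exports[_cstring(data, _rva_to_offset(sections, name_rva))] = image_base + func_rva
    return image_base, exports


def resolve(data, name):
    """Fixed address of an export, or None when the module does not export it."""
    return parse_exports(data)[1].get(name)


def build_sample_pe(image_base=0x10000000, exports=(("Alpha", 0x2000), ("Beta", 0x2040))):
    """Construct a minimal PE32 image with one export section (constructed sample)."""
    sec_rva, sec_raw = 0x1000, 0x200
    body = bytearray(40)                                   # export directory, filled below
    n = len(exports)
    funcs_off = len(body); body += b"".join(struct.pack("<I", rva) for _, rva in exports)
    names_off = len(body); body += bytes(4 * n)            # name RVAs patched in later
    ords_off = len(body); body += b"".join(struct.pack("<H", i) for i in range(n))
    dllname_off = len(body); body += b"sample.dll\0"
    for i, (name, _) in enumerate(exports):
        struct.pack_into("<I", body, names_off + 4 * i, sec_rva + len(body))
        body += name.encode("ascii") + b"\0"
    struct.pack_into("<IIIIIII", body, 12, sec_rva + dllname_off, 1, n, n,
                     sec_rva + funcs_off, sec_rva + names_off, sec_rva + ords_off)
    dos = bytearray(64); dos[:2] = b"MZ"; struct.pack_into("<I", dos, 0x3C, 64)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x2102)   # i386, 1 section, DLL
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                  # PE32 magic
    struct.pack_into("<I", opt, 28, image_base)            # ImageBase: the preferred load address
    struct.pack_into("<II", opt, 32, 0x1000, 0x200)        # SectionAlignment, FileAlignment
    struct.pack_into("<II", opt, 56, 0x3000, 0x200)        # SizeOfImage, SizeOfHeaders
    struct.pack_into("<I", opt, 92, 16)                    # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96, sec_rva, len(body))   # export data directory
    section = struct.pack("<8sIIIIIIHHI", b".edata", len(body), sec_rva, len(body),
                          sec_raw, 0, 0, 0, 0, 0x40000040)
    image = bytearray(dos + b"PE\0\0" + coff + opt + section)
    image += bytes(sec_raw - len(image)) + body
    return bytes(image)


if __name__ == "__main__":
    base, table = parse_exports(build_sample_pe())
    print("ImageBase 0x%08x" % base, {k: hex(v) for k, v in table.items()})
```

Running it prints the addresses every process would see for the constructed module; rebuilding the sample with another `image_base` moves every export, which is the re-adjusting the reply warns about.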