Dailydave mailing list archives
Re: Understanding Windows Heap Overflows
From: Matt Conover <mconover () gmail com>
Date: Fri, 7 Oct 2005 03:50:18 -0700
ahh also about where the xpsp2 version went.... i had just posted it for a few weeks because it doesn't seem publication quality to me. but i didn't know anyone wanted it. so i will leave it in place this time. it is here: http://www.cybertech.net/~sh0ksh0k/heap

i included in there:
1. a cool article that Kostya Kortchinsky wrote about the original cansecwest 04 presentation.. it's in french, but it's so well written that even people that don't know french can understand it :)
2. the original cansecwest 04 presentation
3. the updated xpsp2 presentation that discusses low frag heap and defeating safe unlinking
4. local proof of concept for pre-xpsp2 and xpsp2
   you should change shellcode.[ch] to not use hardcoded addresses
5. remote proof of concept for pre-xpsp1
   you should change shellcode.[ch] to not use hardcoded addresses.

again though, it is more appropriate for someone to write a paper. code snippets and powerpoint presentations are not really adequate for a complex topic like this one. though, it won't be me... i've spent too much time on it already, it rots your brain after a while :)