Full Disclosure mailing list archives
Re: Win32 Heap Exploits
From: "ad () heapoverflow com" <ad () heapoverflow com>
Date: Tue, 03 Jan 2006 14:27:33 +0100
Or this is because the bug he's working on has already been discovered and patched by an exception throwing the control to a handler. For example, you will notice exactly the same thing for the WINS bug discovered by n.waisman: if you are trying to exploit it yet on a patched MS box within ollydbg, you will be able to congrats because the debugger is able to handle the exception apart from the program, but without, of course, it's not possible; wins.exe throws us to another point. So anyway, I bet the bug you are working on has already been discovered and patched.

Nicolas RUFF wrote:
> > But if I execute the server without ollydbg, nothing happens. Does anybody have an idea what I am doing wrong? Test on a winxp sp1 system.
>
> As pointed out multiple times, Windows heap is not the same whether the program is flagged as "being debugged" or not. You should always *attach* the debugger to the process and not run the process from within the debugger.
>
> Regards,
> - Nicolas RUFF
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/