Full Disclosure mailing list archives

Re: Win32 Heap Exploits


From: "ad () heapoverflow com" <ad () heapoverflow com>
Date: Tue, 03 Jan 2006 14:27:33 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
 
Or this is because the bug he's working on has already been discovered
and patched, with an exception throwing control to a handler. For
example, you will notice exactly the same thing with the WINS bug
discovered by N. Waisman: if you try to exploit it on a patched MS box
within OllyDbg, you will be able to (congrats), because the debugger is
able to handle the exception apart from the program, but without it, of
course, it's not possible; wins.exe throws us to another point. So
anyway, I bet the bug you are working on has already been discovered
and patched.


Nicolas RUFF wrote:
>> But if I execute the server without OllyDbg, nothing happens.
>> Does anybody have an idea what I am doing wrong? Tested on a WinXP SP1
>> system.
>
> As pointed out multiple times, the Windows heap is not the same whether
> the program is flagged as "being debugged" or not.
>
> You should always *attach* the debugger to the process and not run
> the process from within the debugger.
>
> Regards,
> - Nicolas RUFF


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
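The difference Nicolas describes is visible in the process itself: when a process is created by a debugger, ntdll's loader sees PEB.BeingDebugged set and turns on the debug-heap bits in PEB.NtGlobalFlag (FLG_HEAP_ENABLE_TAIL_CHECK, FLG_HEAP_ENABLE_FREE_CHECK, FLG_HEAP_VALIDATE_PARAMETERS), which the heap manager mirrors into _HEAP.Flags and _HEAP.ForceFlags; tail checking pads every allocation and free checking fills freed blocks, so chunk layout and overflow behaviour change. A debugger that attaches later sets BeingDebugged but leaves the heap alone. The program below is an added example, not code from this thread: it reads those fields on Windows (the PEB and _HEAP offsets used are the documented ones for the given architecture; on x86 XP/2003 the _HEAP.Flags offset is 0x0C, so build with -DHEAP_FLAGS_OFF=0x0C there, and I assume the layout is otherwise unchanged on the target build) and classifies the state. The classification helpers are portable and are exercised with constructed values on other platforms.

```c
/* Added example (not from the original post): tell apart "started under a
 * debugger" (debug heap) from "debugger attached later" (normal heap) by
 * reading PEB.BeingDebugged, PEB.NtGlobalFlag and _HEAP.Flags/ForceFlags.
 * PEB/_HEAP offsets below are the documented layouts; they are an assumption
 * about the target build. */
#include <stdio.h>
#include <stdint.h>

/* NtGlobalFlag bits ntdll sets when the process is *created* under a debugger
 * (skipped if the environment variable _NO_DEBUG_HEAP=1 is set). */
#define FLG_HEAP_ENABLE_TAIL_CHECK    0x10u
#define FLG_HEAP_ENABLE_FREE_CHECK    0x20u
#define FLG_HEAP_VALIDATE_PARAMETERS  0x40u
#define FLG_DEBUG_HEAP_BITS (FLG_HEAP_ENABLE_TAIL_CHECK | FLG_HEAP_ENABLE_FREE_CHECK | FLG_HEAP_VALIDATE_PARAMETERS)

/* The matching _HEAP.Flags / _HEAP.ForceFlags bits. A normal process heap
 * has Flags = HEAP_GROWABLE (2) and ForceFlags = 0. */
#define HEAP_GROWABLE_BIT                  0x00000002u
#define HEAP_TAIL_CHECKING_ENABLED         0x00000020u
#define HEAP_FREE_CHECKING_ENABLED         0x00000040u
#define HEAP_VALIDATE_PARAMETERS_ENABLED   0x40000000u
#define HEAP_DEBUG_BITS (HEAP_TAIL_CHECKING_ENABLED | HEAP_FREE_CHECKING_ENABLED | HEAP_VALIDATE_PARAMETERS_ENABLED)

typedef struct {
    unsigned char being_debugged;   /* PEB+0x02 */
    uint32_t nt_global_flag;        /* PEB+0x68 (x86) / PEB+0xBC (x64) */
    uint32_t heap_flags;            /* _HEAP.Flags of the process heap */
    uint32_t heap_force_flags;      /* _HEAP.ForceFlags of the process heap */
} proc_state;

enum verdict {
    HEAP_NORMAL,            /* no debugger, normal heap */
    HEAP_DEBUG_LAUNCHED,    /* started from the debugger: debug heap, layout differs */
    HEAP_NORMAL_ATTACHED,   /* debugger attached after start: heap untouched */
    HEAP_DEBUG_NO_DEBUGGER  /* debug heap but no debugger: gflags/IFEO, or debugger detached */
};

/* Debug heap is in use if any of the three sources says so. */
int debug_heap_active(const proc_state *s)
{
    return (s->nt_global_flag & FLG_DEBUG_HEAP_BITS) != 0
        || (s->heap_flags & HEAP_DEBUG_BITS) != 0
        || (s->heap_force_flags & HEAP_DEBUG_BITS) != 0;
}

enum verdict classify(const proc_state *s)
{
    int dbg = debug_heap_active(s);
    if (s->being_debugged)
        return dbg ? HEAP_DEBUG_LAUNCHED : HEAP_NORMAL_ATTACHED;
    return dbg ? HEAP_DEBUG_NO_DEBUGGER : HEAP_NORMAL;
}

const char *verdict_text(enum verdict v)
{
    switch (v) {
    case HEAP_NORMAL:           return "no debugger, normal heap";
    case HEAP_DEBUG_LAUNCHED:   return "launched under a debugger: DEBUG heap (tail/free checks on)";
    case HEAP_NORMAL_ATTACHED:  return "debugger attached later: normal heap";
    default:                    return "debug heap without a live debugger (gflags/IFEO or detached)";
    }
}

#ifdef _WIN32
#include <windows.h>
/* _HEAP.Flags offset: x86 XP/2003 0x0C, x86 Vista+ 0x40, x64 0x70.
 * ForceFlags always follows Flags. Override with -DHEAP_FLAGS_OFF=... */
#ifndef HEAP_FLAGS_OFF
# ifdef _WIN64
#  define HEAP_FLAGS_OFF 0x70
# else
#  define HEAP_FLAGS_OFF 0x40
# endif
#endif
/* Read the live values of the current process. */
void read_live_state(proc_state *s)
{
    unsigned char *teb = (unsigned char *)NtCurrentTeb();
#ifdef _WIN64
    unsigned char *peb  = *(unsigned char **)(teb + 0x60);
    unsigned char *heap = *(unsigned char **)(peb + 0x30);
    s->nt_global_flag   = *(uint32_t *)(peb + 0xBC);
#else
    unsigned char *peb  = *(unsigned char **)(teb + 0x30);
    unsigned char *heap = *(unsigned char **)(peb + 0x18);
    s->nt_global_flag   = *(uint32_t *)(peb + 0x68);
#endif
    s->being_debugged   = peb[2];
    s->heap_flags       = *(uint32_t *)(heap + HEAP_FLAGS_OFF);
    s->heap_force_flags = *(uint32_t *)(heap + HEAP_FLAGS_OFF + 4);
}
#endif

int main(void)
{
    proc_state s = {0, 0, HEAP_GROWABLE_BIT, 0};
#ifdef _WIN32
    read_live_state(&s);
#else
    /* Constructed sample, not a real capture: values a process launched from
     * OllyDbg/WinDbg typically shows (Flags 0x40000062, ForceFlags 0x40000060). */
    s.being_debugged = 1; s.nt_global_flag = 0x70;
    s.heap_flags = 0x40000062u; s.heap_force_flags = 0x40000060u;
#endif
    printf("BeingDebugged=%u NtGlobalFlag=0x%08x Heap.Flags=0x%08x Heap.ForceFlags=0x%08x\n",
           s.being_debugged, s.nt_global_flag, s.heap_flags, s.heap_force_flags);
    printf("%s\n", verdict_text(classify(&s)));
    return 0;
}
```

Run it once from inside the debugger and once after attaching: the first run reports the debug heap, the second a normal heap, which is why an exploit that works in one case may not work in the other.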

