What is the crap before SEH?

[Tauqeer Ahmad <ahmadtauqeer () yahoo com>]

Hello list,
   
  while disecting the Bluecoat winproxy long header vulnerability and the HD Moor exploit for that, i found in the 
stack dump a pointer just before SEH. this pointer is said to be the "the pointer ot next SEH structure". But when i 
change the single byte of that pointer the exploit didnt work, Although in my knowlege it should have worked since it's 
SEH which points to POP POP RET and the control transfers to our shellcode lying after SEH. I will appreciate a reply 
clearing the fact that where that pointer before SEH points to? is that pointer overwritten with the same address that 
was there before the overflow?
   
  It will sound navie for those who already know this concept yet i will appreciate a help from those guys by 
clearifying. I also know some guys will come up with the flame as its the Hacking culture to flame others who knows 
less then them. but i can remember the day when i used to wonder how they break into the system and i often got flamed 
for asking a question. yet i have come along this far by not heeding an ear to their flame and by keeping learning. so 
a flame will not work ofcourse :P
   
  Thanks in advance,
   
   
   
   

                
---------------------------------
New Yahoo! Messenger with Voice. Call regular phones from your PC and save big.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/