Full Disclosure mailing list archives
What is the crap before SEH?
From: Tauqeer Ahmad <ahmadtauqeer () yahoo com>
Date: Wed, 29 Mar 2006 23:35:40 -0800 (PST)
Hello list, while disecting the Bluecoat winproxy long header vulnerability and the HD Moor exploit for that, i found in the stack dump a pointer just before SEH. this pointer is said to be the "the pointer ot next SEH structure". But when i change the single byte of that pointer the exploit didnt work, Although in my knowlege it should have worked since it's SEH which points to POP POP RET and the control transfers to our shellcode lying after SEH. I will appreciate a reply clearing the fact that where that pointer before SEH points to? is that pointer overwritten with the same address that was there before the overflow? It will sound navie for those who already know this concept yet i will appreciate a help from those guys by clearifying. I also know some guys will come up with the flame as its the Hacking culture to flame others who knows less then them. but i can remember the day when i used to wonder how they break into the system and i often got flamed for asking a question. yet i have come along this far by not heeding an ear to their flame and by keeping learning. so a flame will not work ofcourse :P Thanks in advance, --------------------------------- New Yahoo! Messenger with Voice. Call regular phones from your PC and save big.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- What is the crap before SEH? Tauqeer Ahmad (Mar 29)
- RE: What is the crap before SEH? fd (Mar 30)