Full Disclosure mailing list archives

ms08-067 Exploit Technologies


From: yuange <yuange1975 () hotmail com>
Date: Fri, 29 Jan 2010 14:24:20 +0000


 

http://hi.baidu.com/yuange1975/blog/item/d648f4f0e1a925c87931aad7.html

 

The exploit needs two 0x5c: one is len, the other is ptr. You can control ptr.

 

 

 

memory:

 

  
vista:      0x00000209     len=5c 0x00000209     ch=0x0000005c        a       b     ebp    ret   00000000 outcopy   ptr e out    bbbbbb
                                                

win2003:      len=0x0000005c    wcslen    ptr1   ecx    ebp ret    00000000     outcpy    ptr e   out    bbbbbb
                                                             

winxp:        len=0x0000005c     wcslen     ptr1 ecx    ebp ret     00000000    outcpy   ptr e    out     bbbbbb
          


win2000:    ptr   5c             r    00000000    outcpy     ptr bbbbbbbbbbbbbbbbb out
                                                                                
  

 

 

 

                                                             yuange

 

                                        http://hi.baidu.com/yuange1975/blog
                                          
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
