Vulnerability Development mailing list archives
Re: Getting Base Address using the Structured Exception Handler
From: "sk" <sk () scan-associates net>
Date: Thu, 26 Jun 2003 12:40:34 +0800
Dear Nobody Mind, HSJ's shellcode (http://hsj.shadowpenguin.org/misc/iis5mdac_exp.txt) works without using SEH. It should be able to find the kernel32 unless one 'rebase' it to somewhere else. If you check the aspcode.c (http://packetstormsecurity.nl/0209-exploits/aspcode.c), SEH is used not only in getting the kernel32 base memory, but for other purpose too. sk ----- Original Message ----- From: "Nobody Mind" <cod3po3t () yahoo com> To: <vuln-dev () securityfocus com> Sent: Thursday, June 26, 2003 4:49 AM Subject: Getting Base Address using the Structured Exception Handler
I basically am wondering if anyone has links or can post a short explanation of why (not how) using the SEH method works for getting the base address of kernel32.dll and others? Thanks __________________________________ Do you Yahoo!? SBC Yahoo! DSL - Now only $29.95 per month! http://sbc.yahoo.com
Current thread:
- Getting Base Address using the Structured Exception Handler Nobody Mind (Jun 25)
- Re: Getting Base Address using the Structured Exception Handler dave (Jun 25)
- Re: Getting Base Address using the Structured Exception Handler Costin Ionescu (Jun 26)
- Re: Getting Base Address using the Structured Exception Handler sk (Jun 26)
- Re: Getting Base Address using the Structured Exception Handler Gerardo Richarte (Jun 26)
- Re: Getting Base Address using the Structured Exception Handler Gerardo Richarte (Jun 26)
- Re: Getting Base Address using the Structured Exception Handler Gerardo Richarte (Jun 26)