Vulnerability Development mailing list archives

Re: controlling ebp/eip of a frame, does it always lead to possible code execution?


From: Ingram <Vail () gmx net>
Date: Thu, 18 Sep 2003 19:44:42 +0200 (MEST)

deepcode . wrote:
By the looks of it, you are doing everything right. Your overwritten return address points directly to your nops. The shellcode should be executed.

What OS are you on? You may have additional stack protections on the system to prevent standard overflows, particularly redhat 9 (shrike), which i'm using now, will prevent this: not sure exactly how yet ...

*doh*, sorry forgot to mention the os, i am running freebsd 4.8 without any stack protections.
