Vulnerability Development mailing list archives
ESI Manipulation?
From: Disco Jonny <discojonny () gmail com>
Date: Fri, 9 Dec 2005 13:51:52 +0000
Hi,

I have been looking at stack stuff for a month or two now, so please forgive my ignorance.

Anyway, I was idly writing some JavaScript last night when a badly formed statement crashed my IE (Firefox recognises the bad script and won't attempt to run it). I fired up OllyDbg to take a look at it, and it would appear that I am somehow overwriting the ESI or EAX with 00000000. Now, is there anything that I can do with this? I have tried to get it to overwrite with different values but I can't. This is probably nothing, but hey, I thought I would ask.

I don't know if this is of any use to anyone, but here is some info from OllyDbg:

    636B43AE  8B32      MOV ESI,DWORD PTR DS:[EDX]
    636B43B0  8942 14   MOV DWORD PTR DS:[EDX+14],EAX
    636B43B3  FF36      PUSH DWORD PTR DS:[ESI]        <-- throws exception here
    636B43B5  8D4A 04   LEA ECX,DWORD PTR DS:[EDX+4]
    636B43B8  50        PUSH EAX

    EAX 00000000
    ECX 0637EE60
    EDX 0637EE60
    EBX FFFFFFFF
    ESP 0637EE44
    EBP 0637EE7C
    ESI 00000000
    EDI 0637EEF4
    EIP 636B43B3 mshtml.636B43B3

    0637EE44  00000000
    0637EE48  637514E4  RETURN to mshtml.637514E4 from mshtml.636B4396

I have been doing a bit of googling, and I came across an article that seemed to suggest that setting the ESI to 00000000 is a security thing implemented by Microsoft? This article was more confusing than helpful, although I think that is because the author was assuming a level of skill that I don't currently possess.

Any advice, anyone? I am running a fully patched W2K box.

Thanks,
S.
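For readers working through the listing above: the faulting instruction is PUSH DWORD PTR [ESI] with ESI = 00000000, i.e. a read through a null pointer that was just loaded from [EDX], and the only store before the fault writes EAX (also zero) to [EDX+14]. The C program below is an added example, not code from the poster or from mshtml, that mirrors that instruction sequence against a struct whose layout is an assumption reconstructed from the offsets in the listing (pointer at +0, dword at +14h). It shows the unchecked shape that faults on a NULL field and the checked form a fix would use instead.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed layout, reconstructed only from the offsets in the OllyDbg listing:
 *   [EDX+0]   pointer that is loaded into ESI
 *   [EDX+4]   start of whatever LEA ECX,[EDX+4] points at
 *   [EDX+14h] dword that receives EAX
 * Nothing here is taken from the real mshtml structure. */
struct node {
    uint32_t *first;       /* [EDX]      -> MOV ESI,[EDX]       */
    uint32_t  unused[4];   /* [EDX+4] .. [EDX+10h]              */
    uint32_t  field14;     /* [EDX+14h]  <- MOV [EDX+14],EAX    */
};

/* Mirrors the listing: load the pointer, do the store, then read through it.
 * With first == NULL the read touches address 0 and the process faults,
 * exactly like PUSH DWORD PTR [ESI] with ESI = 00000000. Only call this with
 * a non-NULL pointer. */
uint32_t dereference_unchecked(struct node *edx, uint32_t eax) {
    uint32_t *esi = edx->first;   /* MOV ESI,DWORD PTR [EDX]       */
    edx->field14 = eax;           /* MOV DWORD PTR [EDX+14],EAX     */
    return *esi;                  /* PUSH DWORD PTR [ESI]           */
}

/* Same sequence with the guard a fix would add: refuse to dereference a
 * NULL pointer. Returns 0 on success and -1 when the pointer is NULL; the
 * store to field14 still happens either way, as it does in the listing. */
int dereference_checked(struct node *edx, uint32_t eax, uint32_t *out) {
    uint32_t *esi = edx->first;
    edx->field14 = eax;
    if (esi == NULL) {
        return -1;                /* would have been the access violation */
    }
    *out = *esi;
    return 0;
}

int main(void) {
    uint32_t value = 0x41414141;          /* constructed sample data */
    struct node good = { &value, {0}, 0 };
    struct node bad  = { NULL,   {0}, 0 };
    uint32_t out = 0;

    printf("checked, valid pointer: rc=%d out=%08x field14=%08x\n",
           dereference_checked(&good, 0, &out), out, good.field14);
    printf("checked, NULL pointer:  rc=%d field14=%08x\n",
           dereference_checked(&bad, 0, &out), bad.field14);
    printf("unchecked, valid pointer: %08x\n",
           dereference_unchecked(&good, 0));
    /* dereference_unchecked(&bad, 0) would crash here the way IE did. */
    return 0;
}
```

The point of the two functions side by side is the triage question the poster is asking: the value that ends up in ESI is a constant zero read from the structure, not something the script supplied, so the fault is a read from address 0 and the guard turns it into an error return.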
Current thread:
- ESI Manipulation? Disco Jonny (Dec 10)
- Re: ESI Manipulation? Felix Lindner (Dec 13)
- Re: ESI Manipulation? 3APA3A (Dec 13)