Vulnerability Development mailing list archives
Re: PEB heap exploitation question
From: nolimit bugtraq <nolimit.bugtraq () gmail com>
Date: Tue, 24 May 2005 00:35:11 -0400
Hello 6d79676d61696c6163636f756e74,

It's a shame that there's not as much documentation on this subject as on stack overflows. It's a complex subject, and as such can only be explained by a handful of people.

http://cansecwest.com/csw04/csw04-Oded+Connover.ppt

This is one of the prominent sources about the method. The Forced Coalescing method, I believe, is the method you seek clarity on. It's sad, because there was a much better presentation on heap overflows and SP2/2k3 protection breaking, but cybertech.net no longer hosts it.

http://www.phreedom.org/solar/exploits/msasn1-bitstring/

This exploit seems to use the method you are speaking of, right down to the FastPebLockRoutine overwrite. It also explains it decently well.

Hopefully this will set you off on the right track.

nolimit
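Added illustration, not part of nolimit's reply and not code from Solar's msasn1 exploit or the CanSecWest slides: a stand-alone C model of the write-4 primitive behind the coalescing method the reply points at, so the mechanics can be stepped through on any platform without a Windows XP box. The chunk layout, the 32-byte chunk size, the XP-SP1-style free-list unlink, the coalescing path that reaches it and the two-slot PEB stand-in are all assumptions of the model; the PEB slots hold data pointers here (function pointers in the real PEB) so nothing is ever called. It also carries the SP2-style safe-unlink check, which is what the reply's "SP2/2k3 protection breaking" refers to, so the same overflow can be run against both.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* 8-byte NT heap chunk header (32-bit XP layout) followed by the LIST_ENTRY
 * that is only meaningful while the chunk sits on a free list. */
typedef struct list_entry { struct list_entry *Flink, *Blink; } LIST_ENTRY;
typedef struct heap_entry {
    uint16_t Size, PrevSize;        /* in 8-byte units, header included */
    uint8_t  Cookie, Flags, UnusedBytes, SegmentIndex;  /* Flags bit 0 = busy */
    LIST_ENTRY FreeList;
} HEAP_ENTRY;

#define HEAP_ENTRY_BUSY 0x01
#define HDR_BYTES   8                           /* header without FreeList */
#define CHUNK_UNITS 4                           /* assumed: 32-byte chunks */
#define USER_BYTES  (CHUNK_UNITS * 8 - HDR_BYTES)

/* PEB stand-in: two adjacent slots, like FastPebLockRoutine/FastPebUnlockRoutine
 * in the real PEB, but holding data pointers so nothing is ever called. The
 * union is what lets the unlink write the slot as a LIST_ENTRY. */
static int original_lock_routine;
static union { struct { void *FastPebLockRoutine, *FastPebUnlockRoutine; } s;
               LIST_ENTRY as_list; } peb;

/* Shellcode stand-in; writable because the mirror write lands at
 * payload + sizeof(void *) (real shellcode opens with a short jmp over it). */
static union { uint8_t bytes[32]; LIST_ENTRY as_list; } payload;
/* Arena: chunk A (allocated, USER_BYTES of user data) then free chunk B. */
static union { uint8_t bytes[2 * CHUNK_UNITS * 8]; void *align; } arena;

/* Pre-SP2 unlink: two stores whose operands come straight from the chunk. */
static void unsafe_remove_entry_list(LIST_ENTRY *e)
{
    LIST_ENTRY *f = e->Flink, *b = e->Blink;
    b->Flink = f;   /* *Blink = Flink                    : the arbitrary write */
    f->Blink = b;   /* *(Flink + sizeof(void *)) = Blink : the mirror write    */
}

/* SP2-style safe unlink: refuse an entry whose neighbours do not point back. */
static int safe_remove_entry_list(LIST_ENTRY *e)
{
    if (e->Flink->Blink != e || e->Blink->Flink != e) return 0;
    unsafe_remove_entry_list(e);
    return 1;
}

/* Free a chunk; if its successor is free, unlink it and merge (coalesce). */
static void free_with_coalesce(HEAP_ENTRY *chunk, int safe)
{
    HEAP_ENTRY *next = (HEAP_ENTRY *)((uint8_t *)chunk + chunk->Size * 8);
    if (!(next->Flags & HEAP_ENTRY_BUSY)) {
        int ok = 1;
        if (safe) ok = safe_remove_entry_list(&next->FreeList);
        else      unsafe_remove_entry_list(&next->FreeList);
        if (ok) chunk->Size += next->Size;
    }
    chunk->Flags &= ~HEAP_ENTRY_BUSY;
}

/* Overflow A into B's header, free A, and report whether the PEB slot now
 * points at the payload. safe_unlink selects which unlink the heap uses. */
int run_overflow(int safe_unlink)
{
    HEAP_ENTRY *a = (HEAP_ENTRY *)arena.bytes;
    HEAP_ENTRY *b = (HEAP_ENTRY *)(arena.bytes + CHUNK_UNITS * 8);
    memset(&arena, 0, sizeof arena);
    memset(&payload, 0, sizeof payload);
    peb.s.FastPebLockRoutine = peb.s.FastPebUnlockRoutine = &original_lock_routine;
    a->Size = CHUNK_UNITS; a->Flags = HEAP_ENTRY_BUSY;
    b->Size = CHUNK_UNITS; b->PrevSize = CHUNK_UNITS; b->Flags = 0;

    /* Attacker buffer: filler, then a forged header for B that keeps
     * Size/PrevSize sane, leaves B marked free, and plants Flink/Blink. */
    uint8_t evil[USER_BYTES + sizeof(HEAP_ENTRY)];
    HEAP_ENTRY forged = *b;
    forged.FreeList.Flink = &payload.as_list;   /* what to write  */
    forged.FreeList.Blink = &peb.as_list;       /* where to write */
    memset(evil, 'A', USER_BYTES);
    memcpy(evil + USER_BYTES, &forged, sizeof forged);

    memcpy(arena.bytes + HDR_BYTES, evil, sizeof evil);   /* the overflow */
    free_with_coalesce(a, safe_unlink);                   /* the trigger  */
    return peb.s.FastPebLockRoutine == (void *)payload.bytes;
}

/* True if the mirror write left the PEB slot's address inside the payload. */
int payload_clobbered(void)
{
    void *expect = &peb.s.FastPebLockRoutine;
    return memcmp(payload.bytes + sizeof(void *), &expect, sizeof expect) == 0;
}

int main(void)
{
    int hijacked = run_overflow(0), clobbered = payload_clobbered();
    printf("unsafe unlink: PEB hijacked=%d, payload clobbered=%d\n", hijacked, clobbered);
    printf("safe unlink:   PEB hijacked=%d\n", run_overflow(1));
    return 0;
}
```

Build with `cc -std=c11 -o unlink unlink.c` and run it. With the pre-SP2 unlink the forged Blink lands the payload address in the PEB slot, and the mirror write drops the slot's address into the payload at offset sizeof(void *), which is the reason the real shellcode has to start with a jump over its first few bytes. With the safe unlink the forged entry fails the back-pointer check and the slot is untouched, which is the check that later work had to get around.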
Current thread:
- PEB heap exploitation question 6d79676d61696c6163636f756e74 (May 23)
- <Possible follow-ups>
- Re: PEB heap exploitation question nolimit bugtraq (May 25)