Vulnerability Development mailing list archives
RE: Exploiting in Unicode and XP SP2
From: "Ben Nagy" <ben () iagu net>
Date: Wed, 7 Jun 2006 10:24:07 +0700
-----Original Message-----
From: Ivan Stroks [mailto:ivanstroks () yahoo co nz]
Sent: Tuesday, June 06, 2006 10:30 PM
To: vuln-dev () securityfocus com
Subject: Exploiting in Unicode and XP SP2

I am trying to exploit a stack buffer overflow in a Windows Application running in XP SP2.
[...]
I have found an address with a call [ebp+30] in Unicode.nls. In Windows 2000, I can execute the instruction located in that memory space, whereas in XP, I cannot. Does XP prevent the execution of instructions if the memory doesn't have Execute access? Because I can execute in W2K, but not in XP.
Yes, XPSP2 does (under the default software DEP settings). The protection is not generic unless you're using hardware DEP, but the page status is checked during exception handling, so it won't dispatch to an NX page.

ben
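The reply distinguishes software DEP (the exception-dispatch check introduced in XP SP2) from hardware DEP (processor NX enforcement) and the system-wide policy that decides which processes get it. The following PowerShell function is an added example, not part of the thread, that reads those three facts from the Win32_OperatingSystem WMI class so an administrator can verify what a host actually enforces. It assumes a Windows host with PowerShell and CIM available; the property names are the documented DataExecutionPrevention_* members of Win32_OperatingSystem, and the function name Get-DepStatus is my own.

```powershell
# Added example (not from the original thread). Reports the host's DEP
# configuration from the Win32_OperatingSystem WMI class.
#
# DataExecutionPrevention_Available        : $true when the CPU and OS support
#                                            hardware (NX/XD) enforcement; $false
#                                            means only software DEP is in play.
# DataExecutionPrevention_SupportPolicy    : 0 = AlwaysOff, 1 = AlwaysOn,
#                                            2 = OptIn (Windows binaries only,
#                                            the client default), 3 = OptOut.
# DataExecutionPrevention_32BitApplications: whether 32-bit processes are covered.
# DataExecutionPrevention_Drivers          : whether kernel-mode drivers are covered.
function Get-DepStatus {
    [CmdletBinding()]
    param()

    $policyNames = @{
        0 = 'AlwaysOff'
        1 = 'AlwaysOn'
        2 = 'OptIn'
        3 = 'OptOut'
    }

    $os = Get-CimInstance -ClassName Win32_OperatingSystem

    $policy = [int]$os.DataExecutionPrevention_SupportPolicy
    $policyName = if ($policyNames.ContainsKey($policy)) { $policyNames[$policy] } else { "Unknown($policy)" }

    # OptIn leaves most third-party applications without hardware DEP, which is
    # the situation the original question is really asking about.
    $recommendation = switch ($policy) {
        1 { 'OK: DEP enforced for all processes.' }
        3 { 'OK: DEP enforced except for explicitly excluded programs; review the exclusion list.' }
        2 { 'Review: only Windows system binaries are opted in; other applications rely on per-binary opt-in.' }
        0 { 'Fix: DEP is disabled system-wide.' }
        default { 'Unknown policy value; inspect boot configuration manually.' }
    }

    [pscustomobject]@{
        ComputerName       = $os.CSName
        HardwareDepAvail   = [bool]$os.DataExecutionPrevention_Available
        Policy             = $policyName
        Covers32BitApps    = [bool]$os.DataExecutionPrevention_32BitApplications
        CoversDrivers      = [bool]$os.DataExecutionPrevention_Drivers
        Recommendation     = $recommendation
    }
}

# Usage: print the summary for the local host.
Get-DepStatus | Format-List
```

When HardwareDepAvail is $false, the only protection a process gets is the software check Ben describes, which is applied during exception dispatch rather than on every instruction fetch; when it is $true but Policy is OptIn, hardware enforcement still covers only Windows' own binaries and whatever applications have opted in individually.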
Current thread:
- Exploiting in Unicode and XP SP2 Ivan Stroks (Jun 06)
- Re: Exploiting in Unicode and XP SP2 H D Moore (Jun 06)
- RE: Exploiting in Unicode and XP SP2 Ben Nagy (Jun 07)