Vulnerability Development mailing list archives
Re: Help developing exploit
From: Valdis.Kletnieks () vt edu
Date: Sun, 27 May 2007 21:37:56 -0400
On Sun, 27 May 2007 12:15:38 -0000, KaCo678 () aol com said:
If I look into the esp memory to find my 0x90 nop sled, the address where it's at is 0013f318, but I'm sure I'm not able to use a null byte..
The standard solution here is that rather than having 0x0013f318 as the target address, you do something like this:

    load register,=x'90836388'
    xor register,=x'90909090'
    (code to branch to where that register now points)

Or declare the target address as x'9013f318' and 'xor immediate' a x'90' into the first byte... or other similar scheme...