Vulnerability Development mailing list archives

Re: Help developing exploit


From: Valdis.Kletnieks () vt edu
Date: Sun, 27 May 2007 21:37:56 -0400

On Sun, 27 May 2007 12:15:38 -0000, KaCo678 () aol com said:

If I look into the ESP memory to find my 0x90 NOP sled, the address where it's
at is 0013f318, but I'm sure I'm not able to use a null byte..

The standard solution here is that rather than having 0x0013f318 as the
target address, you do something like this:

        load    register,=x'90836388'
        xor     register,=x'90909090'
        (code to branch to where that register now points)

Or declare the target address as x'9013f318' and 'xor immediate' a x'90'
into the first byte... or other similar scheme...
