Bugtraq mailing list archives
Re: hard-coded windows exploits
From: core.lists.bugtraq () CORE-SDI COM (Gerardo Richarte)
Date: Wed, 17 Nov 1999 16:25:15 -0300
Jeremy Kothe wrote:
Just a general note concerning Windows overflows - most (if not all) of the publicly available exploits I have seen floating around are still using hard-coded addresses for system calls. Is this the only way to do this? Note that this method has been around for a while, but I haven't seen any public releases of it. If anyone knows of any other ways....
I don't think that this is the only way to do it, what about using direct system calls? you don't need addresses for that, just call INT 2e/2c/2b with the correct registers... I can add to this, that it may be a little harder to do, but anyway, kernel32.dll calls INTs or calls ntdll.dll that uses INT 2e/2c/2b to talk with NT's kernel, so everithing looks like possible with INTs. richie -- A390 1BBA 2C58 D679 5A71 - 86F9 404F 4B53 3944 C2D0 Investigacion y Desarrollo - CoreLabs - Core SDI http://www.core-sdi.com --- For a personal reply use gera () core-sdi com
Current thread:
- Re: hard-coded windows exploits Thomas Dullien (Nov 17)
- <Possible follow-ups>
- Re: hard-coded windows exploits Gerardo Richarte (Nov 17)
- Re: hard-coded windows exploits Simple Nomad (Nov 17)
- Re: hard-coded windows exploits dark spyrit (Nov 17)