Bugtraq mailing list archives
Re: hard-coded windows exploits
From: core.lists.bugtraq () CORE-SDI COM (Gerardo Richarte)
Date: Wed, 17 Nov 1999 16:25:15 -0300
Jeremy Kothe wrote:
Just a general note concerning Windows overflows - most (if not all) of the publicly available exploits I have seen floating around are still using hard-coded addresses for system calls. Is this the only way to do this? Note that this method has been around for a while, but I haven't seen any public releases of it. If anyone knows of any other ways....
I don't think that this is the only way to do it. What about using direct system calls? You don't need addresses for that, just call INT 2e/2c/2b with the correct registers...

I can add to this that it may be a little harder to do, but anyway, kernel32.dll calls INTs or calls ntdll.dll, which uses INT 2e/2c/2b to talk with NT's kernel, so everything looks possible with INTs.
richie
--
A390 1BBA 2C58 D679 5A71 - 86F9 404F 4B53 3944 C2D0
Investigacion y Desarrollo - CoreLabs - Core SDI
http://www.core-sdi.com
--- For a personal reply use gera () core-sdi com