Dailydave mailing list archives

Re: XP SP2 - "Exploit writers need to stop being such a pussy"


From: "Halvar Flake" <HalVar () gmx de>
Date: Wed, 11 Aug 2004 19:57:23 +0200 (MEST)

XP Pro comes with the full IIS (5.1) suite; web server, mail server, ftp 
server, etc. I was testing out some older ISAPI overflows on IIS 5.1 w/XP 
SP2, the only significant difference in exploiting them is that all regs 
(except ebp, esp) are cleared when the exception handler kicks. It took all 
of 30 seconds or so to get the code working. Simply changing the returns 
from jmp/call reg to pop/pop/[...]/ret [1] fixed it right up. SP2 doesn't
do much at all for third-party applications.

The stack canary looks static at first glance, too (although I haven't
installed the files).

Anyone played with the memory protection stuff yet?

Cheers,
Halvar

