Dailydave mailing list archives
Re: Exploit development weirdness
From: Dave Aitel <dave () immunityinc com>
Date: Tue, 27 Dec 2005 10:19:37 -0500
Is this part of some effort to find out who responds first, DD or FD?

In any case, this is what I do in such circumstances:

1. Check for \xcc in your shellcode which you left in for debugging and then forgot about.
2. Check again, cause you missed one.
3. If, on the off chance, this is not the problem:
   3a. Concurrency threading issues (a tough nut to crack - try a tiny shellcode that just does a connect() and see if you at least got that far).
   3b. Try a lighter weight debugger and a heavier-weight debugger. In my case, this would be BinNavi (or Immunity's pyDBG) and SoftIce or maybe WinDBG. I'm just going to ASSUME you're using ollydbg, since you're asking for help. :> Ollydbg runs the CPU hardcore doing polls. Perhaps you can try setting Ollydbg in automatic trace mode, and seeing what that does?
   3c. Perhaps there is also a heap overflow and you're triggering that too, but not in debug mode since the heap performs differently in debug mode. Make sure you unset the debug bit in the PEB for good measure.

One thing: Always ATTACH, never "Load" the file you're trying to debug.

-dave

RaMatkal wrote:
> Having one of those days.... I'm about ready to put my foot through my computer....
>
> Writing a stack overflow on win32 arch... I overflow EIP with a pop/pop/ret, jump to my bind shellcode and I'm away..... all works perfectly but....
>
> When I attach to the process with my debugger and step through the exploit, it works 100% of the time.... however, when I try and exploit the server without the debugger attached, the service just seems to crash.....
>
> Anyone have any idea what could cause this sort of behaviour? (My shellcode doesn't use IsDebuggerPresent hehe)
>
> Anyone have an idea how I can take a look at what is going wrong? Remember, when I attach my debugger it works!!!
>
> Thanks in advance,
> RaMatkal
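Steps 1 and 2 of Dave's list (look for a stray \xcc left in the payload) are easy to automate. The following is an added example, not code from the thread or from Immunity: a small Python scanner that reports the offset of every 0xCC byte in a buffer, with a few bytes of context so each hit can be checked against a disassembly. The sample buffer is constructed here for illustration; the function and variable names are this example's own.

```python
# Added example (not from the thread): locate stray int3 (0xCC) bytes in a
# byte buffer. A debugger stepping over the payload swallows an int3 quietly,
# while an unattached process takes an unhandled breakpoint exception and
# crashes, which matches the "works only under the debugger" symptom.

INT3 = 0xCC


def find_bytes(buf: bytes, wanted=(INT3,)):
    """Return a list of (offset, byte) for every occurrence of a wanted byte."""
    return [(i, b) for i, b in enumerate(buf) if b in wanted]


def report(buf: bytes, wanted=(INT3,), context=4):
    """Return one human-readable line per hit, with `context` bytes either side."""
    lines = []
    for off, b in find_bytes(buf, wanted):
        lo = max(0, off - context)
        hi = min(len(buf), off + context + 1)
        window = " ".join(f"{x:02x}" for x in buf[lo:hi])
        lines.append(f"offset 0x{off:04x}: byte 0x{b:02x}  context: {window}")
    return lines


# Constructed sample input: an 8-byte NOP sled, a leftover int3, four filler
# bytes, a second leftover int3, and a ret. Not a working payload.
SAMPLE = b"\x90" * 8 + b"\xcc" + b"\x31\xc0\x50\x68" + b"\xcc" + b"\xc3"

if __name__ == "__main__":
    hits = report(SAMPLE)
    print("\n".join(hits) if hits else "no int3 bytes found")
```

A hit is a candidate, not proof: 0xCC is also a legitimate immediate or displacement byte inside longer instructions, so each reported offset should be compared with the disassembly before anything is changed. Passing a different `wanted` tuple lets the same scan look for other bytes the target is known to mangle.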