Dailydave mailing list archives

RE: Understanding Windows Heap Overflows


From: "Dave Korn" <dave.korn () artimi com>
Date: Wed, 19 Oct 2005 20:09:39 +0100


  Apologies for resurrecting an old thread, but I just thought it worth
mentioning:

pbb wrote:

With the example given, I couldn't get it to do anything, no 4 byte
overwrite. I seem not to be able to step through an overwrite of the
UEF in Visual Studio, I read somewhere it was because the debugger
overwrites the Exception handler already so the original pointer isn't
called thus the overflow overwrites the wrong address.

I was able to get the SP2 one to work out of Visual Studio but not
within, does anyone have a way around this issue?


  Using WinDbg
(http://www.microsoft.com/whdc/devtools/debugging/default.mspx) instead
worked for me.  I was using it for just this purpose at the time of the dcom
(blaster) bug; I was able to single step all the way through the user
exception dispatcher code, watch it unwind the entire exception handler
chain and eventually end up at the UEF.

  Start with "bp ntdll!RtlDispatchException" and take it from there!


    cheers,
      DaveK
-- 
Can't think of a witty .sigline today....
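The WinDbg session described above, written out as an added example (not part of DaveK's
mail). It assumes an x86 process, public Microsoft symbols for ntdll and kernel32, and a
writable c:\symbols cache; the breakpoints are on the user-mode exception dispatcher, and
the second one is reached only once the SEH chain has declined the exception and dispatch
falls through to the top-level (unhandled) exception filter:

```windbg
$$ Added example: watch a user-mode exception travel from the dispatcher to the UEF.
$$ Assumes x86 and that public symbols resolve for ntdll / kernel32.
.sympath srv*c:\symbols*https://msdl.microsoft.com/download/symbols
.reload

$$ Every user-mode exception enters here from ntdll!KiUserExceptionDispatcher.
bp ntdll!RtlDispatchException

$$ Reached only after the whole SEH chain has been walked without a handler taking it.
bp kernel32!UnhandledExceptionFilter

$$ Run until the faulting instruction raises the exception.
g

$$ --- at the RtlDispatchException breakpoint ---
$$ Call stack: KiUserExceptionDispatcher -> RtlDispatchException.
k
$$ x86: first argument is the EXCEPTION_RECORD describing the fault.
dt ntdll!_EXCEPTION_RECORD poi(@esp+4)
$$ Print the SEH chain that RtlDispatchException is about to walk.
!exchain
$$ Single-step through the chain with p / t, or continue to the UEF breakpoint.
g

$$ --- at the UnhandledExceptionFilter breakpoint ---
$$ Confirm the path the dispatcher took to get here.
k
```

`!exchain` before and after a suspected corruption is the quickest way to see whether the
handler pointers the dispatcher will call are still the ones the program installed; `$$`
lines are WinDbg comments, since a bare `;` separates commands rather than starting one.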
