Re: odd exploitation question

["Dave Korn" <dave.korn () artimi com>]

On 24 August 2006 16:11, Jeremy Kelley wrote:

> I'm a little stumped writing an exploit for an ActiveX object and so I
> figured I'd pester this list for a bit of help.
>
> My exploit works flawlessy when attached to the process in the
> debugger.  Doesn't exec calc.exe when run w/o a debugger.

  Different heap behaviour is invoked when you run a process under the
debugger.  See earlier posts on this list...
 
> 1) The heap is different when run under a debugger (thx HD for the
> tip), but, I'm attaching the process with Olly _after_ it's already
> running. 

  Ah.  That's different.

> Windows doesn't do some whacked-out mojo and start using the
> debug-heap on any heap allocations following, right?  I can't fathom
> how that would work.

  Nope, it doesn't do that.
 
> 2) What could cause the shellcode to execute flawlessly under a
> debugger but not other times.  It's an exec - so I can't imagine the
> process is dying before it's kickstarted calc.exe.. exec doesn't work
> that way.

  Debugger having a first-chance exception filter?

> Any help is greatly appreciated.  If I've left out necessary details,
> I'll be glad to share.

  Name and GUID of the AX ob?


    cheers,
      DaveK
-- 
Can't think of a witty .sigline today....

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave