Dailydave mailing list archives
Re: odd exploitation question
From: "Dave Korn" <dave.korn () artimi com>
Date: Thu, 24 Aug 2006 17:22:51 +0100
On 24 August 2006 16:11, Jeremy Kelley wrote:

> I'm a little stumped writing an exploit for an ActiveX object and so I figured I'd pester this list for a bit of help. My exploit works flawlessly when attached to the process in the debugger. Doesn't exec calc.exe when run w/o a debugger.

Different heap behaviour is invoked when you run a process under the debugger. See earlier posts on this list...

> 1) The heap is different when run under a debugger (thx HD for the tip), but, I'm attaching the process with Olly _after_ it's already running.

Ah. That's different.

> Windows doesn't do some whacked-out mojo and start using the debug-heap on any heap allocations following, right? I can't fathom how that would work.

Nope, it doesn't do that.

> 2) What could cause the shellcode to execute flawlessly under a debugger but not other times. It's an exec - so I can't imagine the process is dying before it's kickstarted calc.exe.. exec doesn't work that way.

Debugger having a first-chance exception filter?

> Any help is greatly appreciated. If I've left out necessary details, I'll be glad to share.

Name and GUID of the AX ob?

cheers,
DaveK
--
Can't think of a witty .sigline today....