Dailydave mailing list archives
Re: We hold these axioms to be self evident
From: Shane Macaulay <shane () security-objectives com>
Date: Fri, 22 Jan 2010 21:03:06 -0800
Here it is, I do not have an old enough VMWare, here are a few different examples of what I was talking about. At first I thought it would be fun to try to nail my cs register to the same value which the exploit used, however the novelty wore off quickly, especially after my host system rebooted :\

echo "!!!THIS IS NOT A VALID EXE!!!!" > a.exe

---------------------------
16 bit MS-DOS Subsystem
---------------------------
Command Prompt - command /C a.exe
The NTVDM CPU has encountered an illegal instruction.
CS:0633 IP:001e OP:ff ff ff ff ff Choose 'Close' to terminate the application.

echo "!!!THIS IS NOT A VALID EXE FILE!!!!" > a.exe

---------------------------
16 bit MS-DOS Subsystem
---------------------------
Command Prompt - a
The NTVDM CPU has encountered an illegal instruction.
CS:052c IP:012a OP:ff ff f1 60 ff Choose 'Close' to terminate the application.

Lots of variations on this theme; I guess the title of this email thread at this point would be better as "lame fuzzing with echo" :).

echo "!!!!THIS IS NOT A VALID EXE FILE!!!!" > a.exe

Running w/o command /C

C:\temp>a
ion →Out of environment space BMicrosoft(R) Windows DOS (C)Copyright Microsoft Corp 1990-1999. (Specified COMMAND search directory bad 6Specified COMMAND search directory bad access denied <Starts a new instance of the MS-DOS command interpreter. FCOMMAND [[drive:]path] [device] [/E:nnnnn] [/P] [/C string] [/MSG]

On 1/21/2010 12:51 PM, Florian Weimer wrote:
Uhm, to start, integer overflow on executable header? (well, you should first recall about .exe or .com :-)). Just a guess.

The extension doesn't really matter. If the file starts with "MZ", it's processed as an EXE file (with a header), otherwise, it's a headerless COM file.
_______________________________________________ Dailydave mailing list Dailydave () lists immunitysec com http://lists.immunitysec.com/mailman/listinfo/dailydave
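The rule in the quoted reply (content, not extension, decides how the 16-bit loader treats a file) can be turned into a small triage check. This is an added example, not part of the original thread: the function names `dos_load_kind` and `triage` are hypothetical, the sample bytes are constructed, and the header size check relies on the standard MZ fields `e_cblp` and `e_cp`.

```python
import struct
from pathlib import PurePath

MZ_HEADER_LEN = 28  # fixed part of the DOS EXE header, in bytes

def dos_load_kind(data: bytes) -> str:
    """Apply the rule from the reply: 'MZ' prefix -> EXE, anything else -> COM."""
    return "EXE" if data[:2] == b"MZ" else "COM"

def triage(name: str, data: bytes) -> list[str]:
    """Return findings for one file, judged by content rather than by extension."""
    kind = dos_load_kind(data)
    ext = PurePath(name).suffix.lower().lstrip(".")
    findings = [f"loads as {kind}"]
    if ext in ("exe", "com") and ext != kind.lower():
        findings.append(f"extension .{ext} disagrees with content")
    if kind == "COM" and data and all(b in (9, 10, 13) or 32 <= b < 127 for b in data):
        # A headerless COM image is executed from its first byte.
        findings.append("printable text would be executed as code")
    if kind == "EXE":
        if len(data) < MZ_HEADER_LEN:
            findings.append("truncated MZ header")
        else:
            # e_cblp: bytes used in the last 512-byte page; e_cp: page count.
            last_page, pages = struct.unpack_from("<HH", data, 2)
            declared = max(0, pages * 512 - ((512 - last_page) if last_page else 0))
            if pages == 0 or last_page > 512 or declared > len(data):
                findings.append(f"header declares {declared} bytes, file has {len(data)}")
    return findings

# Constructed samples (not captured from the machine used in the thread).
# Approximates the bytes cmd's echo redirects into the file, quotes included.
TEXT_AS_EXE = b'"!!!THIS IS NOT A VALID EXE!!!!" \r\n'
# 28-byte MZ header whose page count claims far more data than the file holds.
BAD_MZ = b"MZ" + struct.pack("<HH", 0, 0xFFFF) + bytes(22)

if __name__ == "__main__":
    for name, blob in (("a.exe", TEXT_AS_EXE), ("a.com", BAD_MZ)):
        print(name, triage(name, blob))
```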