Full Disclosure mailing list archives

2 nice pop/pop/ret :) (update)

From: "class 101" <class101 () hat-squad com>
Date: Wed, 9 Mar 2005 10:01:57 +0100


 Here is the result of comparing some huge list of pop/pop/ret of XP SP1,
SP1a, SP2 ENGLISH

I got 2 universal offsets accross those 3 Os

SP2 ENGLISH

0x71ABE325 pop esi - pop - retbis - WS2_32.DLL
0x77E7F69E pop ebx - pop - retbis - RPCRT4.DLL

SP1a ENGLISH

0x71ABE325 pop edi - pop - retbis - WS2_32.DLL
0x77E7F69E pop ebx - pop - retbis  - KERNEL32.DLL

SP1 ENGLISH

0x71ABE325 pop edi - pop - retbis - WS2_32.DLL
0x77E7F69E pop ebx - pop - retbis - KERNEL32.DLL


enjoy :)


-------------------------------------------------------------
class101
Jr. Researcher
Hat-Squad.com
-------------------------------------------------------------


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://www.secunia.com/

Current thread:

2 nice pop/pop/ret :) (update) class 101 (Mar 09)
- RE: 2 nice pop/pop/ret :) (update) Dave Korn (Mar 10)
  - Re: 2 nice pop/pop/ret :) (update) class 101 (Mar 11)
- <Possible follow-ups>
- Fw: 2 nice pop/pop/ret :) (update) class 101 (Mar 11)
- re: 2 nice pop/pop/ret :) (update) class 101 (Mar 11)