Metasploit mailing list archives

How to exploit unhandled exception


From: mmiller at hick.org (mmiller at hick.org)
Date: Mon, 12 Feb 2007 10:06:54 -0800

On Mon, Feb 12, 2007 at 11:46:52AM +0100, Thomas Werth wrote:
> EIP 727F1FC3 -> mfc42u.dll:727F1FC3 db 0CCh //above and behind even more 0cch

It looks like you're hitting a breakpoint exception (given that eip
is executing a 0xcc).  Somehow you are causing execution to hit an int3
that's embedded in msvcrt.  Since you say there are more 0xcc's around
it, I'm guessing that it's hitting in an area of padding between
functions.  You'll have to use the debugger to try to figure out why
execution is being transferred to this address.  There really isn't
any one best strategy to go about this, but if you can get a basic idea
of parent functions, you can breakpoint your way to the problem.
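The reasoning in the reply above, as an added example that is not code from the original thread, from Metasploit or from either poster: given a raw byte image of a loaded module and the faulting EIP, it checks whether EIP points at an int3 (0xCC) and whether that byte sits inside a run of 0xCC bytes, which is how MSVC fills the gap between functions. A fault inside such a run means control flow was redirected into padding, not that a deliberate breakpoint was hit, and the bytes on either side of the run are the end of one function and the start of the next, which is where the "breakpoint your way back to the parent" work begins. The module bytes, the base address and the layout are constructed for the demonstration (the base is not the real load address of mfc42u.dll); the function names are this example's own.

```python
from __future__ import annotations

INT3 = 0xCC  # x86 single-byte breakpoint instruction


def cc_run_around(image: bytes, offset: int) -> tuple[int, int]:
    """Return [start, end) of the contiguous 0xCC run containing offset.

    Returns the empty range (offset, offset) when image[offset] is not 0xCC.
    """
    if not (0 <= offset < len(image)) or image[offset] != INT3:
        return (offset, offset)
    start = offset
    while start > 0 and image[start - 1] == INT3:
        start -= 1
    end = offset + 1
    while end < len(image) and image[end] == INT3:
        end += 1
    return (start, end)


def padding_runs(image: bytes, min_len: int = 2) -> list[tuple[int, int]]:
    """All [start, end) runs of at least min_len 0xCC bytes in the image.

    Each run's end offset is a likely function start; a lone 0xCC is skipped.
    """
    runs = []
    i = 0
    while i < len(image):
        if image[i] == INT3:
            start, end = cc_run_around(image, i)
            if end - start >= min_len:
                runs.append((start, end))
            i = end
        else:
            i += 1
    return runs


def classify_fault(image: bytes, base: int, eip: int, min_padding: int = 2) -> dict:
    """Explain a breakpoint-style fault at eip in terms of the bytes around it."""
    off = eip - base
    if not (0 <= off < len(image)):
        return {"eip": eip, "verdict": "eip outside this module image"}
    start, end = cc_run_around(image, off)
    run = end - start
    if run == 0:
        verdict = "byte at eip is not 0xCC; the exception did not come from an int3 here"
    elif run < min_padding:
        verdict = "isolated int3: deliberate breakpoint or a single overwritten byte"
    else:
        verdict = "int3 inside inter-function padding: execution was redirected here"
    return {
        "eip": eip,
        "byte": image[off],
        "run_length": run,
        # first padding byte; the function before the gap ends just before it
        "padding_start": base + start if run else None,
        # first byte after the gap; the next function starts here
        "next_function": base + end if run >= min_padding else None,
        "verdict": verdict,
    }


# --- constructed sample module image (hypothetical base, not a real DLL) ---
SAMPLE_BASE = 0x727F0000
_img = bytearray(b"\x90" * 0x2000)        # filler standing in for code bytes
_img[0x1FB8] = 0xC3                        # 'ret' ending one function
_img[0x1FB9:0x1FC8] = bytes([INT3] * 15)   # 15 bytes of 0xCC padding
_img[0x1FC8] = 0x55                        # 'push ebp': next function begins
_img[0x0100] = INT3                        # one lone int3 for contrast
SAMPLE_IMAGE = bytes(_img)

if __name__ == "__main__":
    for eip in (SAMPLE_BASE + 0x1FC3, SAMPLE_BASE + 0x0100, SAMPLE_BASE + 0x1FB0):
        r = classify_fault(SAMPLE_IMAGE, SAMPLE_BASE, eip)
        print(f"eip={r['eip']:08X} run={r['run_length']:>2}  {r['verdict']}")
    print("padding runs:",
          [(hex(SAMPLE_BASE + s), hex(SAMPLE_BASE + e)) for s, e in padding_runs(SAMPLE_IMAGE)])
```

With a real crash, the image bytes would come from the debugger's memory dump of the module and the base from its module list; the classification then tells you whether to look for a breakpoint someone left behind or for the corrupted return address or function pointer that sent execution into the gap.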
