Metasploit mailing list archives
A Wee Bit of Help
From: mmiller at hick.org (mmiller at hick.org)
Date: Fri, 16 Mar 2007 13:50:05 -0700
On Fri, Mar 16, 2007 at 03:30:33PM -0500, H D Moore wrote:
> This exception indicates that you control a pointer that is being dereferenced and compared with zero. This is not exploitable for anything other than a denial of service. By placing a valid value into the EAX register, you prevent the process from crashing, but you have no control over execution. There may be another way to trigger code execution, but changing the value of EAX to be a valid address is probably not it. Something you might want to try is making EAX point to a DWORD with the value 0 (i.e. 4 NULL bytes). This may change the logic of the application and continue on to an exploitable exception.
A good, reliable address to use for this would be something like 0x7ffe0504, which is an unused (zero initialized) portion of SharedUserData. It won't move around on you.