Metasploit mailing list archives
Executable Download and Execute - payload
From: opexoc at gmail.com (Jan Grzdyl)
Date: Sun, 16 Dec 2007 18:27:11 +0100
>> I try to exploit some app and in my exploit I overwrite SEH - this shellcode does not work for this exploit.
>
> I am not 100% sure what you're saying here: do you mean that you can successfully control EIP, but the shellcode doesn't execute? If you are using the typical POP/POP/RET trampoline for your SEH overwrite, then set a breakpoint on the address of the POP/POP/RET and make sure that it's actually being hit.

Yes, I am using the typical POP/POP/RET trampoline for my SEH overwrite. Yes, it is being hit. Afterwards, the shellcode is executed. Unfortunately, this shellcode does not work in this situation. I suspect that it could be caused by my exploit overwriting SEH, so that when the shellcode throws an exception it can't be handled. But I am not convinced that this shellcode really throws an exception, because when I run a program like this normally in a debugger:

    unsigned char scode[] = "<Your shellcode>";

    int main() {
        /* cast the buffer to a function pointer and call it */
        ((void (*)()) scode)();
        return 0;
    }

then there are no exceptions, but when I try to execute the program step by step (F8 in Olly), an exception is thrown which can't be handled. It is very weird.

best,