Metasploit mailing list archives
ani_loadimage_chunksize problem
From: security at vahle.de (Thomas Werth)
Date: Wed, 24 Oct 2007 13:34:39 +0200
Dear List,

I'm having problems using the ani_loadimage_chunksize exploit with ie6 on win XP SP2 German. I've investigated what happens on the Windows side using IDA. With the default address for jmp esp an exception is thrown: "Memory could not be written The instruction at 0x0040afff referenced memory at 0x0040afff. The memory could not be written (0x0040afff -> 0040afff)"

I looked up that segment and it was marked as R & D and public const. Well, I came around this problem using another address as jmp esp. From ws2_32.dll "0x71a19372 push esp; ret" is taken.

Now the jmp esp is done and lands in the stack. But then the same exception is thrown. "Memory could not be written The instruction at 0x12decc referenced memory at 0x12decc. The memory could not be written (0x12decc -> 12decc)"

Strange is that the segment is marked as W & D public Stack. So write access should be granted... Although, why in general is there a write access violation when performing a nop or formerly a jmp esp?

Any help and clarification is welcome.

regards,
Thomas