Metasploit mailing list archives

pattern_offset


From: hdm at metasploit.com (H D Moore)
Date: Wed, 21 Jan 2009 23:01:02 -0600

Your buffer is not overwriting the return address, something else is (or
the buffer is being mangled). Try looking around in memory to find the
string you sent (windbg 's' command, etc) and see how it is being
transformed. When in doubt, send more data ;-)


On Thu, 2009-01-22 at 04:23 +0000, Ricardo F. Teixeira wrote:
I tried pattern_create.rb with the values 72 and 220. With 72 it returns
the same address, and with 220 it returns 0x6f343d2d.
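
An added example, not part of the original thread and not Metasploit's own code: a Ruby re-implementation of the Aa0Aa1Aa2... cyclic pattern that checks whether the reported 0x6f343d2d can come from the pattern at all. The function names and the little-endian (x86) byte order are assumptions of this example.

```ruby
# Added example, not Metasploit's own code: rebuilds the Aa0Aa1Aa2... cyclic
# pattern and classifies a value read from a register after the crash.
ALNUM = [*("A".."Z"), *("a".."z"), *("0".."9")].join.bytes.freeze

def pattern_create(length)
  buf = +""
  ("A".."Z").each do |u|
    ("a".."z").each do |l|
      ("0".."9").each do |d|
        buf << u << l << d
        return buf[0, length] if buf.length >= length
      end
    end
  end
  buf[0, length] # longer requests are capped at the 20280 unique bytes
end

# value: 32-bit register contents; sent_length: size of the pattern that was sent.
# Assumes a little-endian (x86) target.
def diagnose(value, sent_length)
  bytes = [value].pack("V")
  # The pattern only ever contains A-Z, a-z and 0-9. Any other byte means the
  # value is not a raw slice of the buffer (transformed data, or other memory).
  unless bytes.each_byte.all? { |b| ALNUM.include?(b) }
    return [:non_pattern_bytes, bytes]
  end
  idx = pattern_create(sent_length).index(bytes)
  idx ? [:offset, idx] : [:not_in_sent_pattern, bytes]
end

# The value reported in the thread for the 220-byte pattern.
p diagnose(0x6f343d2d, 220)
```

The value decodes to the bytes `-=4o`; `-` and `=` never occur in the pattern, so no offset exists for it, which is consistent with the reply's diagnosis.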



