Metasploit mailing list archives

Help required to understand the Exploits Better


From: firstname lastname <psykosonik_frequenz () yahoo com>
Date: Tue, 6 Dec 2011 03:35:52 -0800 (PST)

I want to understand what exactly an exploit module is doing on the victim's machine in a better way. Say I run a 
Metasploit exploit module against a Windows target which triggers some vulnerability and exploits it to gain a reverse 
TCP shell, for instance.

What I am trying to understand is what the memory map of the victim machine looks like when the application 
crashed. As an example, to make it more clear what I want to know:

I run a browser-based exploit on Mozilla Firefox running on the victim's machine. This exploit crashes the browser on 
the victim's machine and sends back a reverse TCP shell. At the very point when the browser crashes on the victim's machine, 
is it possible to take a look at the memory map to understand what the contents of the CPU registers are, or to find 
the shellcode in memory?

I attached my debugger to the firefox.exe process before launching the exploit. When I ran the exploit, Firefox crashed and I 
also got the reverse TCP shell, but in Olly Debugger, it showed no status info for the registers. That section went 
blank.

Can I find out the location of the shellcode in memory and the value of EIP or things like that? I believe, since the 
exploit has already occurred, I need to set a breakpoint somewhere else in the code to pause the execution before 
the shellcode gets executed. Any clues on how to go about it?

This is only for a better understanding of exploits.

Regards,
NeonFlash