Vulnerability Development mailing list archives
Re: Jump back to shellcode Windows overflow
From: Blue Boar <BlueBoar () thievco com>
Date: Tue, 22 Apr 2003 10:45:52 -0700
How about just a short or near jmp? How many bytes between where EIP lands and your shellcode? I.E. jmp -128 or something? EB 80, I think.
BB

chaboyd77 () yahoo com wrote:
> I'm practicing developing Windows Buffer Overflows and have run into a slight snag. When I overwrite EIP with the address of "jmp ESP" I land below my shellcode instead of where the top of the stack used to be:
>
> <-----------400 bytes-------->
> [NOP's........Shellcode...EIP..*<-code jumps here**]
Current thread:
- Jump back to shellcode Windows overflow chaboyd77 (Apr 22)
- Re: Jump back to shellcode Windows overflow Blue Boar (Apr 22)
- Re: Jump back to shellcode Windows overflow Matt Conover (Apr 22)
- Re: Jump back to shellcode Windows overflow Dino Dai Zovi (Apr 23)
- <Possible follow-ups>
- Re: Jump back to shellcode Windows overflow chaboyd77 (Apr 24)