Vulnerability Development mailing list archives

Re: Getting Base Address using the Structured Exception Handler


From: "sk" <sk () scan-associates net>
Date: Thu, 26 Jun 2003 12:40:34 +0800

Dear Nobody Mind,

HSJ's shellcode (http://hsj.shadowpenguin.org/misc/iis5mdac_exp.txt) works
without using SEH. It should be able to find the kernel32 unless one
'rebases' it to somewhere else.

If you check the aspcode.c
(http://packetstormsecurity.nl/0209-exploits/aspcode.c), SEH is used not
only in getting the kernel32 base memory, but for other purposes too.

sk
----- Original Message ----- 
From: "Nobody Mind" <cod3po3t () yahoo com>
To: <vuln-dev () securityfocus com>
Sent: Thursday, June 26, 2003 4:49 AM
Subject: Getting Base Address using the Structured Exception Handler


I basically am wondering if anyone has links or can
post a short explanation of why (not how) using the
SEH method works for getting the base
address of kernel32.dll and others?
Thanks



