Vulnerability Development mailing list archives

Re: Windows Heap Overflow


From: "johnny cyberpunk" <johncybpk () gmx net>
Date: Mon, 19 Apr 2004 16:31:54 +0200

hi,

@runix: the w00w00 heap tut will not help him.
first the windows heap structure is different from the linux or bsd heaps.
and second the w00w00 heap tut is about bss heap stuff, not malloc/free heap
exploitation.

one paper i know about windows heap exploits was presented by david
litchfield at blackhat windows 2004:

http://www.blackhat.com/presentations/win-usa-04/bh-win-04-litchfield/bh-win-04-litchfield.ppt

and the sample code:

http://www.blackhat.com/presentations/win-usa-04/bh-win-04-litchfield/bh-win-04-litchfield-code.rtf

another nice paper on how to exploit a windows rpc heap bug was written by
dave aitel.

http://www.immunitysec.com/papers/msrpcheap.pdf
http://www.immunitysec.com/papers/msrpcheap2.pdf


hope that helps.

cheers,
johnny cyberpunk / www.thc.org




----- Original Message ----- 
From: "runix" <runix () fallenroot net>
To: <vuln-dev () securityfocus com>
Sent: Saturday, April 17, 2004 12:54 AM
Subject: Re: Windows Heap Overflow


Not specifically windows, but you'll get what you need from this paper
by w00w00:
http://www.fallenroot.net/texts/bof/heaptut.txt

On Fri, 2004-04-16 at 20:07, lavmarco () freemail it wrote:
Hi all,

Where can i gain complete information (papers, tutorial, etc..)
about heap overflow exploitation in windows environment?

Is it similar to linux dmalloc chunk overflow?

Thank you in advance.





