Vulnerability Development mailing list archives
Re: Windows Heap Overflow
From: "johnny cyberpunk" <johncybpk () gmx net>
Date: Mon, 19 Apr 2004 16:31:54 +0200
hi,

@runix: the w00w00 heap tut will not help him. first the windows heap structure is different from the linux or bsd heaps. and second the w00w00 heap tut is about bss heap stuff, not malloc/free heap exploitation.

one paper i know about windows heap exploits was presented by david litchfield on blackhat windows 2004:
http://www.blackhat.com/presentations/win-usa-04/bh-win-04-litchfield/bh-win-04-litchfield.ppt

and the sample code:
http://www.blackhat.com/presentations/win-usa-04/bh-win-04-litchfield/bh-win-04-litchfield-code.rtf

another nice paper on how to exploit a windows rpc heap bug was written by dave aitel.
http://www.immunitysec.com/papers/msrpcheap.pdf
http://www.immunitysec.com/papers/msrpcheap2.pdf

hope that helps.

cheers,
johnny cyberpunk / www.thc.org

----- Original Message -----
From: "runix" <runix () fallenroot net>
To: <vuln-dev () securityfocus com>
Sent: Saturday, April 17, 2004 12:54 AM
Subject: Re: Windows Heap Overflow
Not specifically windows, but you'll get what you need from this paper by w00w00:
http://www.fallenroot.net/texts/bof/heaptut.txt

On Fri, 2004-04-16 at 20:07, lavmarco () freemail it wrote:

Hi all,
Where can i gain complete information (papers, tutorial, etc.) about heap overflow exploitation in windows environment? Is it similar to linux dmalloc chunk overflow?
Thank you in advance.
Current thread:
- Windows Heap Overflow lavmarco (Apr 16)
- Re: Windows Heap Overflow runix (Apr 18)
- Re: Windows Heap Overflow johnny cyberpunk (Apr 19)
- <Possible follow-ups>
- Re: Windows Heap Overflow Douglas Santos (Apr 19)
- intercept nt/2k kernel api? Oleg K . Artemjev (Apr 20)
- Re: intercept nt/2k kernel api? Nicolas RUFF (lists) (Apr 21)