Vulnerability Development mailing list archives
Re: problem in off by one overflow
From: Alex <alex00882007 () gmail com>
Date: Mon, 7 Feb 2005 20:01:13 +0000
On Mon, 07 Feb 2005 09:08:45 -0800 (PST), Breno Pinto <breno () secforum com br> wrote:
Hi, I have a problem exploiting an off-by-one vulnerability. When I overwrite EBP with some data and it points to my NOPs, I receive a SIGSEGV message. SIGSEGV message at 0x90909090?? I'm using Red Hat 7.3 and gcc 2.95. Does anybody know why 0x90909090 broke my exploitation? Thanks, Breno
Is EIP pointing to 0x90909090? The problem is quite simple. The base pointer is not overwritten with the address of the destination. Instead, it should be overwritten with a pointer to the address of your destination. The EIP you see there is most likely the first 4 bytes of your shellcode, NOP = 0x90 on Intel x86.
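The crash Alex describes follows directly from how the caller's `leave; ret` epilogue consumes the corrupted frame pointer. The model below is an added illustration, not code from the thread: it simulates a 32-bit stack as an array of dwords (all addresses, the NOP region and the fake frame are constructed values) and returns the value the epilogue would load into EIP for each choice of saved EBP.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of a small 32-bit stack region; index = (addr - base) / 4. */
#define STACK_BASE  0xbffff000u
#define STACK_WORDS 64
static uint32_t stack_mem[STACK_WORDS];

static uint32_t rd(uint32_t addr)             { return stack_mem[(addr - STACK_BASE) / 4]; }
static void     wr(uint32_t addr, uint32_t v) { stack_mem[(addr - STACK_BASE) / 4] = v; }

/* Constructed layout: a NOP sled (0x90 bytes) and a two-dword fake frame. */
#define FAKE_FRAME (STACK_BASE + 0x20)   /* [FAKE_FRAME] = junk ebp, [FAKE_FRAME+4] = target */
#define NOP_START  (STACK_BASE + 0x40)   /* start of the 0x90909090 region */
#define NOP_END    (STACK_BASE + 0x80)

/* The caller's epilogue, run after the vulnerable function has already
   restored a corrupted EBP:
     leave -> esp = ebp ; pop ebp   (esp now ebp+4)
     ret   -> pop eip               (eip = [ebp+4])
   Returns the value that ends up in EIP. */
static uint32_t leave_ret(uint32_t corrupted_ebp) {
    uint32_t esp = corrupted_ebp;      /* mov esp, ebp */
    esp += 4;                          /* pop ebp: discard the saved frame pointer */
    return rd(esp);                    /* ret: the dword at [ebp+4] becomes EIP */
}

static void setup_stack(void) {
    memset(stack_mem, 0, sizeof stack_mem);
    for (uint32_t a = NOP_START; a < NOP_END; a += 4) wr(a, 0x90909090u);
    wr(FAKE_FRAME,     0xdeadbeefu);   /* whatever; gets popped into EBP and ignored */
    wr(FAKE_FRAME + 4, NOP_START);     /* the slot that `ret` actually reads */
}

/* Case in the question: saved EBP rewritten to point straight at the NOPs.
   `ret` then pops four NOP bytes and EIP = 0x90909090, an unmapped address. */
uint32_t eip_when_ebp_points_at_nops(void) { setup_stack(); return leave_ret(NOP_START); }

/* Case in the answer: saved EBP points at a frame whose [ebp+4] holds the target. */
uint32_t eip_when_ebp_points_at_fake_frame(void) { setup_stack(); return leave_ret(FAKE_FRAME); }

int main(void) {
    printf("ebp -> NOP sled:   eip = 0x%08x (faults, as in the report)\n", eip_when_ebp_points_at_nops());
    printf("ebp -> fake frame: eip = 0x%08x (the NOP sled itself)\n", eip_when_ebp_points_at_fake_frame());
    return 0;
}
```

The same arithmetic is why `-fstack-protector` or a frame-pointer-less build changes the picture: the epilogue no longer trusts a saved EBP that the overflowed byte could have altered.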