Vulnerability Development mailing list archives

RE: Exploiting in Unicode and XP SP2


From: "Ben Nagy" <ben () iagu net>
Date: Wed, 7 Jun 2006 10:24:07 +0700

-----Original Message-----
From: Ivan Stroks [mailto:ivanstroks () yahoo co nz] 
Sent: Tuesday, June 06, 2006 10:30 PM
To: vuln-dev () securityfocus com
Subject: Exploiting in Unicode and XP SP2

I am trying to exploit a stack buffer overflow in a
Windows Application running in XP SP2.
[...]
    . I have found an address with a call [ebp+30] in
Unicode.nls. In Windows 2000, I can execute the
instruction located in that memory space, whereas in
XP, I cannot. Does XP prevent the execution of
instructions if the memory doesn't have Execute access?
Because I can execute in W2K, but not in XP.

Yes, XPSP2 does (under the default software DEP settings). The protection is
not generic unless you're using hardware DEP, but the page status is checked
during exception handling, so it won't dispatch to an NX page.

ben
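The point in the reply above is that what decides whether a jump into unicode.nls succeeds is the protection of the page holding the target, not the bytes in it. The following is an added illustration, not code from the thread or from either poster, showing the generic (hardware NX) case on a POSIX system: the same one-byte `ret` stub is placed in a page and called once with PROT_READ|PROT_WRITE and once with PROT_READ|PROT_EXEC. It assumes an x86/x86-64 Linux or BSD host whose CPU and kernel enforce the no-execute bit (on other architectures the helper returns -1 rather than guessing).

```c
#define _DEFAULT_SOURCE 1
#define _POSIX_C_SOURCE 200809L
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf jump_env;

/* Fault handler: unwind back to try_execute_in_page() instead of dying. */
static void on_fault(int sig)
{
    (void)sig;
    siglongjmp(jump_env, 1);
}

/*
 * Map one anonymous page, write a single x86 `ret` (0xC3) into it, set the
 * requested protection and call it.  Returns 1 if the call returned normally,
 * 0 if the CPU faulted (no Execute access), -1 if the experiment could not be
 * set up (non-x86 host, mmap/mprotect refused).
 */
int try_execute_in_page(int prot)
{
#if !defined(__x86_64__) && !defined(__i386__)
    (void)prot;
    return -1;                       /* the stub byte below is x86-specific */
#else
    long pagesz = sysconf(_SC_PAGESIZE);
    if (pagesz <= 0)
        return -1;

    unsigned char *page = mmap(NULL, (size_t)pagesz, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (page == MAP_FAILED)
        return -1;

    page[0] = 0xC3;                  /* x86 `ret`: returns to the caller */

    if (mprotect(page, (size_t)pagesz, prot) != 0) {
        munmap(page, (size_t)pagesz);
        return -1;
    }

    /* Install temporary handlers; an NX violation surfaces as SIGSEGV
       (SIGBUS on some BSDs). */
    struct sigaction sa, old_segv, old_bus;
    memset(&sa, 0, sizeof sa);
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);

    int executed;
    if (sigsetjmp(jump_env, 1) == 0) {
        void (*fn)(void);
        memcpy(&fn, &page, sizeof fn);   /* data pointer -> code pointer */
        fn();                            /* runs only if the page is executable */
        executed = 1;
    } else {
        executed = 0;                    /* landed here from on_fault() */
    }

    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    munmap(page, (size_t)pagesz);
    return executed;
#endif
}

int main(void)
{
    int rw = try_execute_in_page(PROT_READ | PROT_WRITE);
    int rx = try_execute_in_page(PROT_READ | PROT_EXEC);
    printf("call into RW page : %s\n", rw == 1 ? "executed" : rw == 0 ? "faulted" : "n/a");
    printf("call into RX page : %s\n", rx == 1 ? "executed" : rx == 0 ? "faulted" : "n/a");
    return 0;
}
```

On a host with hardware NX the first call faults and the second returns, which is the behaviour the original poster sees on XP but not on Windows 2000. Software DEP on XP SP2 reaches a similar outcome only for the exception-dispatch path, which is why the reply stresses that the protection is not generic without hardware support.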

