Vulnerability Development mailing list archives
Re: SEH and overwrite EIP
From: opexoc () gmail com
Date: 1 Dec 2007 00:03:37 -0000
maybe I have formulated badly this question. I mean that if we can overwrite return address of the function properly ( without access violation ) then we can overwrite SEH properly ( without access violation ) and if we can overwrite SEH properly then we can overwrite return address properly. So it seems ( for me ) that SEH overwrite is equivalent to return address overwrite. Since return address is more simple to handle, so there is no need to play with SEH. So why hackers play with it? ( I talk there only about defualt SEH, which is encountered during access violation - i.e http://www.milw0rm.com/exploits/4651 ) Maybe I miss something very important there. best, opexoc
Current thread:
- SEH and overwrite EIP opexoc (Nov 30)
- <Possible follow-ups>
- Re: SEH and overwrite EIP opexoc (Nov 30)