Vulnerability Development mailing list archives

Re: SEH and overwrite EIP


From: opexoc () gmail com
Date: 1 Dec 2007 00:03:37 -0000

Maybe I have formulated this question badly. I mean that if we can overwrite the return address of the function properly (without access violation) then we can overwrite the SEH properly (without access violation), and if we can overwrite the SEH properly then we can overwrite the return address properly. So it seems (to me) that an SEH overwrite is equivalent to a return address overwrite. Since the return address is simpler to handle, there is no need to play with SEH. So why do hackers play with it? (I am talking there only about the default SEH, which is encountered during an access violation - i.e. http://www.milw0rm.com/exploits/4651) Maybe I am missing something very important there.

best,

opexoc 
