Dailydave mailing list archives

Re: Non executable memory pages with AMD64 + XP SP2
From: Nicolas RUFF <nicolas.ruff () edelweb fr>
Date: Wed, 05 Jan 2005 19:46:58 +0100

> So with it enabled you are getting no errors if you attempt a stack
> based overflow?

Yes, stack-based shellcodes will run fine unless I manually specify /PAE in the BOOT.INI file.

However Microsoft is currently investigating the problem and I had a contact today with someone from out there. At first look it *might* be a problem with multi-boot systems.

Indeed my system is multi-booting Windows 2003 Server and Windows XP Pro (well ... you know, AMD64 is still expensive so I bought only one :-), so my NTLDR is Windows 2003 version. From there you can induce that PAE *might* be enabled by Windows XP NTLDR when /NoExecute parameter is detected, and not checked thereafter by NTOSKRNL.

I think I will make more tests this weekend and keep you informed.

Regards,
- Nicolas RUFF
-----------------------------------
Security Consultant
EdelWeb (http://www.edelweb.fr/)
Mail : nicolas.ruff (at) edelweb.fr
-----------------------------------
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
https://lists.immunitysec.com/mailman/listinfo/dailydave
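
An added example, not part of the original post: a small Python audit of a multi-boot BOOT.INI that reports each boot entry requesting /NoExecute without an explicit /PAE, the configuration under which the poster reports that NX was not enforced. The sample file contents, the function names, and the choice to treat AlwaysOff and /execute as "NX not requested" are assumptions of this example.

```python
import re

# Constructed sample: a multi-boot BOOT.INI resembling the setup in the post.
SAMPLE_BOOT_INI = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Server 2003" /fastdetect /NoExecute=OptOut /PAE
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="XP test, DEP off" /fastdetect /NoExecute=AlwaysOff
'''

# ARC path, quoted display name, then the boot switches.
ENTRY = re.compile(r'^(?P<path>[^=]+)="(?P<name>[^"]*)"(?P<switches>.*)$')

def parse_entries(text):
    """Return one dict per line of the [operating systems] section."""
    entries, in_os = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(';'):
            continue
        if line.startswith('['):
            in_os = line.lower() == '[operating systems]'
            continue
        m = ENTRY.match(line) if in_os else None
        if not m:
            continue
        sw = {}
        for tok in m.group('switches').split():
            if tok.startswith('/'):
                key, _, val = tok[1:].partition('=')
                sw[key.lower()] = val.lower()  # switches are case-insensitive
        entries.append({'name': m.group('name'),
                        'path': m.group('path').strip(), 'switches': sw})
    return entries

def audit(entries):
    """Flag entries that request NX but carry no explicit /PAE (assumed policy)."""
    findings = []
    for e in entries:
        sw = e['switches']
        policy = sw.get('noexecute')
        nx_requested = (policy is not None and policy != 'alwaysoff'
                        and 'execute' not in sw)
        if nx_requested and 'pae' not in sw:
            findings.append((e['name'], policy))
    return findings

if __name__ == '__main__':
    for name, policy in audit(parse_entries(SAMPLE_BOOT_INI)):
        print(f'{name}: /NoExecute={policy} without explicit /PAE')
```
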

