Dailydave mailing list archives

Re: Understanding Windows Heap Overflows
From: pbb <pbb () 65535 com>
Date: Fri, 07 Oct 2005 10:01:27 +0100

Thanks guys for all the responses,

I've actually had an app I was playing with (that I suspected had a heap overflow that I was trying to exploit) get an overflow with control of the eax and ecx registers, so thought I had it but couldn't move from here to executing code. I haven't looked at it for a while as I knew I didn't understand the technique as well as I thought. I hope that I can step through the examples you guys have given me and progress ever so slightly in my knowledge of these types of exploitation.

I've been stepping through Brett's link and hope this will get me over the issue I was having. I'm not sure if it's because the app I was looking at was multithreaded and the overflows are not simple like a stack one where at the end of the function overflowed it executes.

I'll try and look at Matt's example over the weekend. Thanks for the help.

Paul.



