Home page logo

metasploit logo Metasploit mailing list archives

A Wee Bit of Help
From: mmiller at hick.org (mmiller at hick.org)
Date: Fri, 16 Mar 2007 13:50:05 -0700

On Fri, Mar 16, 2007 at 03:30:33PM -0500, H D Moore wrote:
This exception indicates that you control a pointer that is being 
dereferenced and compared with zero. This is not exploitable for anything 
other than a denial of a service. By placing a valid value into the EAX 
register, you prevent the process from crashing, but you have no control 
over execution. There may be another way to trigger code execution, but 
changing the value of EAX to be a valid address is probably not it.

Something you might want to try is making EAX point to DWORD with the 
value 0 (ie. 4 NULL bytes). This may change the logic of the application 
and continue on to an exploitable exception.

A good, reliable address to use for this would be something like
0x7ffe0504 which is an unused (zero initialized) portion of
SharedUserData.  It won't move around on you.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]