A Wee Bit of Help
From: mmiller at hick.org (mmiller at hick.org)
Date: Fri, 16 Mar 2007 13:50:05 -0700

On Fri, Mar 16, 2007 at 03:30:33PM -0500, H D Moore wrote:
> This exception indicates that you control a pointer that is being
> dereferenced and compared with zero. This is not exploitable for anything
> other than a denial of service. By placing a valid value into the EAX
> register, you prevent the process from crashing, but you have no control
> over execution. There may be another way to trigger code execution, but
> changing the value of EAX to be a valid address is probably not it.
>
> Something you might want to try is making EAX point to a DWORD with the
> value 0 (i.e. 4 NULL bytes). This may change the logic of the application
> and continue on to an exploitable exception.

A good, reliable address to use for this would be something like
0x7ffe0504 which is an unused (zero initialized) portion of
SharedUserData. It won't move around on you.