Vulnerability Development: ESI Manipulation?

From: Disco Jonny <discojonny_at_gmail.com>
Date: Fri, 9 Dec 2005 13:51:52 +0000

Hi,

I have been looking at stack stuff for a month or two now, so please
forgive my ignorance.

Anyways, I was idly writing some JavaScript last night, when a badly
formed statement crashed my IE (Firefox recognises the bad script and
won't attempt to run it).

I fired up OllyDbg to take a look at it, and it would appear that I am
somehow overwriting the ESI or EAX with 00000000.

Now is there anything that I can do with this? I have tried to get it
to overwrite with different values but I can't. This is probably
nothing, but hey I thought I would ask. I don't know if this is of
any use to anyone, but here is some info from OllyDbg.

636B43AE 8B32 MOV ESI,DWORD PTR DS:[EDX]
636B43B0 8942 14 MOV DWORD PTR DS:[EDX+14],EAX
636B43B3 FF36 PUSH DWORD PTR DS:[ESI] <-- throws exception here
636B43B5 8D4A 04 LEA ECX,DWORD PTR DS:[EDX+4]
636B43B8 50 PUSH EAX

EAX 00000000
ECX 0637EE60
EDX 0637EE60
EBX FFFFFFFF
ESP 0637EE44
EBP 0637EE7C
ESI 00000000
EDI 0637EEF4
EIP 636B43B3 mshtml.636B43B3

0637EE44 00000000
0637EE48 637514E4 RETURN to mshtml.637514E4 from mshtml.636B4396

I have been doing a bit of googling, and I came across an article that
seemed to suggest that setting the ESI to 000000000 is a security
thing implemented by Microsoft? This article was more confusing than
helpful - although I think that is because the author was assuming a
level of skill that I don't currently possess.

Any advice anyone?

I am running a fully patched W2K box.

Thanks,

S.
Received on Dec 10 2005
