Vulnerability Development: Re: problem in off by one overflow

Re: problem in off by one overflow

From: Alex <alex00882007_at_gmail.com>
Date: Mon, 7 Feb 2005 20:01:13 +0000

On Mon, 07 Feb 2005 09:08:45 -0800 (PST), Breno Pinto
<breno_at_secforum.com.br> wrote:
>
>
> Hi,
>
> I have a problem exploiting an off-by-one vulnerability. When I overwrite EBP with some data and it points to my NOPs, I receive a SIGSEGV message.
>
> SIGSEGV message at 0x90909090??
>
> I'm using Red Hat 7.3 and gcc 2.95.
>
> Does anybody know why 0x90909090 broke my exploitation?
>
> Thanks
>
>
> Breno
>
Is EIP pointing to 0x90909090? The problem is quite simple.
The base pointer is not overwritten with the address of the
destination. Instead, it should be overwritten with a pointer to the
address of your destination.

The EIP you see there is most likely the first 4 bytes of your
shellcode; NOP = 0x90 on Intel x86.
Received on Feb 07 2005
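The mechanism Alex describes, as an added illustration that is not part of the original thread and not code from either poster: a small C program that simulates the x86 `leave; ret` epilogue on a constructed 32-bit stack image. The victim's local buffer sits directly below the saved EBP, and a copy loop that runs one byte too far clobbers only the low byte of the saved frame pointer. The victim returns normally, but the caller's own `leave` then loads ESP from the corrupted EBP and its `ret` pops EIP from corrupted EBP + 4. With EBP pointed straight into the NOP sled, that dword is 0x90909090; with EBP pointed at a fake frame whose second dword holds the sled address, EIP lands inside the buffer. The stack base 0xbffff000, the frame layout and the return addresses are assumptions invented for the simulation.

```c
/* Added example: simulated x86 "leave; ret" against a frame-pointer
 * off-by-one. Stack addresses and layout are constructed, not taken
 * from the original post. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STACK_BASE 0xbffff000u           /* assumed base of the simulated stack page */
#define STACK_SIZE 0x100u

#define BUF_ADDR   (STACK_BASE + 0x40u)  /* victim's local buffer */
#define BUF_LEN    64u
#define SAVED_EBP  (BUF_ADDR + BUF_LEN)  /* saved frame pointer, right after buf */
#define SAVED_EIP  (SAVED_EBP + 4u)      /* return address into the caller */
#define CALLER_EBP (STACK_BASE + 0xc0u)  /* caller's own frame pointer */

static uint8_t stack[STACK_SIZE];

/* Little-endian dword read/write on the simulated stack. */
static uint32_t rd32(uint32_t addr) {
    uint32_t o = addr - STACK_BASE;
    return (uint32_t)stack[o] | (uint32_t)stack[o + 1] << 8 |
           (uint32_t)stack[o + 2] << 16 | (uint32_t)stack[o + 3] << 24;
}

static void wr32(uint32_t addr, uint32_t v) {
    uint32_t o = addr - STACK_BASE;
    for (int i = 0; i < 4; i++) stack[o + i] = (uint8_t)(v >> (8 * i));
}

/* "leave; ret": mov esp,ebp ; pop ebp ; pop eip. Returns the new EIP. */
static uint32_t leave_ret(uint32_t *esp, uint32_t *ebp) {
    *esp = *ebp;
    *ebp = rd32(*esp); *esp += 4;
    uint32_t eip = rd32(*esp); *esp += 4;
    return eip;
}

/* Lay out the victim's and caller's frames, copy payload into buf with a
 * one-byte overrun that writes `extra` over the low byte of the saved EBP,
 * then run the victim's epilogue followed by the caller's. Returns the EIP
 * that the caller's `ret` would load. */
static uint32_t run_overflow(const uint8_t payload[BUF_LEN], uint8_t extra) {
    memset(stack, 0, sizeof stack);
    wr32(SAVED_EBP, CALLER_EBP);
    wr32(SAVED_EIP, 0x08048400u);           /* assumed return site in the caller */
    wr32(CALLER_EBP, 0xbffff0e0u);          /* caller's saved EBP */
    wr32(CALLER_EBP + 4, 0x08048500u);      /* caller's own return address */

    /* The bug: the copy loop runs BUF_LEN + 1 times. Only the low byte of
     * the saved EBP changes, so it still points into the same stack page. */
    memcpy(&stack[BUF_ADDR - STACK_BASE], payload, BUF_LEN);
    stack[BUF_ADDR - STACK_BASE + BUF_LEN] = extra;

    uint32_t esp = SAVED_EBP - 0x10, ebp = SAVED_EBP;  /* victim running; EBP -> saved-EBP slot */
    leave_ret(&esp, &ebp);          /* victim returns normally to 0x08048400, EBP now corrupted */
    return leave_ret(&esp, &ebp);   /* caller's epilogue: ESP = corrupted EBP, EIP = *(EBP+4) */
}

/* Breno's attempt: buf is all NOPs and EBP is pointed into the sled. */
uint32_t eip_when_ebp_points_at_nops(void) {
    uint8_t payload[BUF_LEN];
    memset(payload, 0x90, sizeof payload);
    return run_overflow(payload, (uint8_t)(BUF_ADDR + 16));  /* EBP -> 0xbffff050 */
}

/* Alex's fix: EBP points at a fake frame whose second dword is the sled address. */
uint32_t eip_when_ebp_points_at_fake_frame(void) {
    uint8_t payload[BUF_LEN];
    memset(payload, 0x90, sizeof payload);
    uint32_t sled = BUF_ADDR + 8;                     /* NOPs start after the fake frame */
    for (int i = 0; i < 4; i++) {
        payload[i]     = 0x41;                        /* fake saved EBP, popped and ignored */
        payload[4 + i] = (uint8_t)(sled >> (8 * i));  /* becomes EIP */
    }
    return run_overflow(payload, (uint8_t)BUF_ADDR);  /* EBP -> 0xbffff040 */
}

int main(void) {
    printf("EBP -> NOP sled  : EIP = 0x%08x (unmapped, SIGSEGV)\n",
           eip_when_ebp_points_at_nops());
    printf("EBP -> fake frame: EIP = 0x%08x (inside buf, sled then shellcode)\n",
           eip_when_ebp_points_at_fake_frame());
    return 0;
}
```

The simulation covers only the frame-pointer arithmetic; on a real target the byte written past the buffer is whatever the overrunning copy supplies (often a NUL terminator), so the attacker chooses where EBP lands by positioning the fake frame at the matching low-byte offset within the buffer rather than by picking the byte freely.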
