Vulnerability Development: exploiting/debugging SetUnhandledException filter

From: <RaMatkal_at_hotmail.com>
Date: 20 Jun 2005 08:05:31 -0000
Hi,

I am working on a Win heap overflow that gives me control of eax and ecx and hence allows me to write a double word of memory to an arbitrary location...

I overwrite the SetUnhandledException filter with an address that will bounce me back to my shellcode.

The only problem is that the unhandledexception filter does not get called while the vulnerable process is being debugged, say with ollydbg.

I think I remember reading somewhere that it is possible to make the UnhandledException filter get called from within a standard debugger such as ollydbg and was wondering if anyone knows how to do this...

(Kernel level debugger is not an option, i.e. SoftIce)

Thanks very much

RaMatkal
Received on Jun 20 2005
