You might try prefixing your shellcode with a sub esp, 0x100. The win32
functions you're calling might be mangling the stack.
----- Original Message -----
From: <gj_williams2000_at_yahoo.co.uk>
To: <vuln-dev_at_securityfocus.com>
Sent: Sunday, February 05, 2006 5:20 PM
Subject: Buffer Overrun Newbie
> I was messing about with my PC trying to learn how buffer overruns work
> (mostly as an excuse to use assembler) and I have run into a problem.
>
> The program I am exploiting is just a simple c program I wrote which
> mismanages a string provided by the user by copying it into a 512 byte
> variable on the stack without checking its length.
>
> My shellcode is supposed to display a messagebox that reads "hello
> world". When I compile my code into an executable and run it it works
> fine. I also tested it by writing a c program that has the shellcode
> defined as a constant and then jumps to it in memory which works fine
> but when I try and exploit the program I mentioned above it goes wrong.
> Could this be because its not running from readonly memory?
>
> Debugging the program in OllyDbg shows me that when I make a call to
> GetProcAddress in the Kernel32.dll the function returns
> error_proc_not_found whereas in the other cases it returns err_success.
> The function works fine returning the address to the function I want
> but a big section of the stack seems to get overwritten by garbage
> which breaks the rest of my code.
>
> Is this my fault or some kind of Windows security mechanism? Can
> anyone help me? I haven't found anything much on the net about it.
>
> Cheers for reading
> G
>
Received on Feb 06 2006
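A model of the stack layout the reply is talking about, added here as an example (it is not code from the thread). It assumes the saved return address sits directly after the 512-byte buffer, so after `ret` the stack pointer is 4 bytes above the buffer and every Win32 call pushes its frames down into it; the code offset, code length and callee frame depth are constructed values. It also shows the general rule: the `sub esp` amount is safe for any frame depth only when it moves esp to or below the start of the injected code.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of the 32-bit stack right after the overflowed function
 * returns into the 512-byte buffer from the question. Offsets are positions in
 * a simulated array; nothing here executes injected code. Assumed layout: the
 * saved return address sits directly after the buffer. */
enum { STACK_SIZE = 4096, BUF_OFF = 1024, BUF_LEN = 512, RET_OFF = BUF_OFF + BUF_LEN };

struct sim {
    uint8_t mem[STACK_SIZE];
    uint32_t esp;
    uint32_t code_lo, code_hi;   /* [code_lo, code_hi) holds the injected code */
};

/* Put code_len marker bytes at code_off inside the buffer and set esp as it is
 * once `ret` has popped the overwritten return address. */
static void sim_init(struct sim *s, uint32_t code_off, uint32_t code_len) {
    memset(s->mem, 0, sizeof s->mem);
    s->code_lo = BUF_OFF + code_off;
    s->code_hi = s->code_lo + code_len;
    memset(s->mem + s->code_lo, 0xCC, code_len);
    s->esp = RET_OFF + 4;
}

/* A callee that needs frame_bytes of stack scribbles everything below esp. */
static void sim_call(struct sim *s, uint32_t frame_bytes) {
    if (frame_bytes > s->esp) frame_bytes = s->esp;      /* stay inside the model */
    memset(s->mem + (s->esp - frame_bytes), 0xAA, frame_bytes);
}

static bool code_intact(const struct sim *s) {
    for (uint32_t i = s->code_lo; i < s->code_hi; i++)
        if (s->mem[i] != 0xCC) return false;
    return true;
}

/* Does code_len bytes of code at buffer offset code_off survive a call that uses
 * frame_bytes of stack, when the code first executes `sub esp, adjust`? */
bool survives(uint32_t code_off, uint32_t code_len, uint32_t adjust, uint32_t frame_bytes) {
    struct sim s;
    sim_init(&s, code_off, code_len);
    s.esp -= adjust;
    sim_call(&s, frame_bytes);
    return code_intact(&s);
}

/* The adjustment that moves esp down to the code's start; from there on no
 * frame depth can reach the code, whatever the callee does. */
uint32_t safe_adjust(uint32_t code_off) { return (RET_OFF + 4) - (BUF_OFF + code_off); }
```

With 200 bytes of code placed at the top of the buffer and a callee chain using 0x180 bytes of stack, `sub esp, 0x100` keeps the code intact; with the same code at the start of the buffer it does not, and `safe_adjust(0)` reports that 516 (0x204) bytes are needed.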