Vulnerability Development: Re: Help developing exploit

Re: Help developing exploit

From: <Valdis.Kletnieks_at_vt.edu>
Date: Sun, 27 May 2007 21:37:56 -0400

On Sun, 27 May 2007 12:15:38 -0000, KaCo678_at_aol.com said:

> If I look into the esp memory to find my 0x90 NOP sled, the address where it's
> at is 0013f318, but I'm sure I'm not able to use a null byte..

The standard solution here is that rather than having 0x0013f318 as the
target address, you do something like this:

        load register,=x'90836388'   ; encoded form: no 0x00 byte appears in the literal
        xor register,=x'90909090'    ; 0x90836388 XOR 0x90909090 = 0x0013f318, the real target
        (code to branch to where that register now points)

Or declare the target address as x'9013f318' and 'xor immediate' a x'90'
into the first byte... or other similar scheme...

Received on May 27 2007