Vulnerability Development: Re: SEH and overwrite EIP

Re: SEH and overwrite EIP

From: <opexoc_at_gmail.com>
Date: 1 Dec 2007 00:03:37 -0000
Maybe I have formulated this question badly. I mean that if we can overwrite the return address of the function properly (without an access violation), then we can overwrite the SEH properly (without an access violation), and if we can overwrite the SEH properly, then we can overwrite the return address properly. So it seems (to me) that an SEH overwrite is equivalent to a return address overwrite. Since the return address is simpler to handle, there is no need to play with SEH. So why do hackers play with it? (I am talking here only about the default SEH, which is encountered during an access violation, i.e. http://www.milw0rm.com/exploits/4651) Maybe I am missing something very important here.

best,

opexoc
Received on Nov 30 2007
