msmq_deleteobject_ms05_017.pm different offset for different languages

[msf-list at jervus.it (msf-list at jervus.it)]

The FR offsets is different ok but is it 360 (like Italian) or is another one (for example 364)? 
This because is always 360 HDM can (can ? :-) add only few lines for most languages but if every lanuage have a 
different
offset the line are more.......and more...........

.........my maccherons english :-)

Thanks in advance
Acaro


> Da: Jerome Athias <jerome.athias at free.fr>
> Data: Tue, 13 Dec 2005 16:42:14 +0100
> A: "msf-list at jervus.it" <msf-list at jervus.it>
> Oggetto:
>
> oops
> i read this too fast, i've allready see this (different offsets between
> US and FR) with French platforms yes
> ...
>
> msf-list at jervus.it wrote:
>
> > Hi i'm playing with msmq_deleteobject_ms05_017.pm
> > with my win00 Italian version (SP0) and the exploit don't work;
> > after a little debug session i understand why.
> >
> > For the italian version the correct offset is 360 so i have add this:
> >
> > ??# Windows 2000 Italian SP0 SEH offset 
> >     substr($pattern, 360 + $hlen + 0, 4, pack('V', $target->[1]));
> >     substr($pattern, 360 + $hlen - 4, 2, "\xeb\x22");
> >
> >
> > for the english version (win00)the offset is:
> >
> > # Windows 2000 SEH offset goes first
> >     substr($pattern, 332 + $hlen + 0, 4, pack('V', $target->[1]));
> >     substr($pattern, 332 + $hlen - 4, 2, "\xeb\x22");
> >
> >
> >
> > It's the same for the Win00 Advenced Server Italian version (SP4)
> >
> > The only differnce is the offset, the return address is always the 
> > x004014e9 (pop pop ret)
> >
> > Someone know if the same for different languages?
> > For example French,Spanish or German version of win00?
> >
> > Thank you for your attention and sorry for my bad english :-(
> >
> >
> > Ciao
> > Acaro
> >
> >
> >
> > ??
> > >