XMPlayer PLS Buffer Overflow Module

[glinares.code at gmail.com (Greg Linares)]

I tried using EEReap and memdump and I couldn't find a universal jump
that didn't have restricted characters in it.  Most of the DLLs are
loaded below 0x00A00000 with the exception of one in which i could
only find the address 0x10002C12 which still wont work.

someone else should take a wack at it :)

Greg Linares


On 11/28/06, H D Moore <hdm at metasploit.com> wrote:
> FYI, you can also use 'memdump.exe' in the tools directory of v2.7. This
> will create a directory containing the process image broken into files
> based on the virtual address. The msfpescan -d <dir> option can be used
> to find return addresses in the memdump.exe output. Just cross-reference
> the opcode matches with the virtual addresses to determine which ones
> fall into the application's DLLs.
>
> Really short on free time lately, or I would do it myself :-/
>
> -HD
>
> On Tuesday 28 November 2006 21:58, Greg Linares wrote:
> > hate to double post but that tool Jerome mentioned is called EEReap
> > from Eeye. If no one grabs a universal address by tomorrow i'll
> > probably dive in and try for it :)