Pantek Library

Re: Windows Heap Overflows In General

From: Vizzy <vizzy(at)freemail.hu>
Date: Mon Dec 02 2002 - 07:49:52 EST

Monday, December 02, 2002, 2:03:04 AM, you wrote:

BM> *) Remember with heap based overflows you can write multiple sets of 4
BM> bytes. It's not the registers you are overflowing, but a structure. What do
BM> the other structure bytes control? Size does matter!
Well, it's not always possible.

What if you can overwrite only one free chunk structure? Then the possibility to overwrite the chosen 4 bytes will occur in a call to free(), when *BK (previous free chunk pointer) would be replaced with the offset to a newly free()'ed one, containing our supplied data.

-- 
have phun,
 Vizzy 
Received on Mon Dec 2 12:14:51 2002
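
The free()-time write through *BK described in the message above, shown on a toy model next to a link-integrity check that rejects it. This is an added example, not part of the original post and not the Windows heap's own code; the struct layout, the function names and the corruption scenario are all assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Toy circular free list (assumed layout, not the real Windows heap). */
struct chunk {
    struct chunk *fd;   /* next free chunk */
    struct chunk *bk;   /* previous free chunk */
};

/* Unchecked link of freed chunk n in front of pos: trusts pos->bk blindly. */
static void link_unchecked(struct chunk *pos, struct chunk *n) {
    n->fd = pos;
    n->bk = pos->bk;
    pos->bk->fd = n;    /* store goes wherever pos->bk points */
    pos->bk = n;
}

/* Checked link: the previous chunk must point back at pos, else refuse. */
static int link_checked(struct chunk *pos, struct chunk *n) {
    if (pos->bk == NULL || pos->bk->fd != pos) return -1;
    link_unchecked(pos, n);
    return 0;
}

static struct chunk head, a, n, unrelated;

static void reset(void) {       /* constructed state: one free chunk a */
    head.fd = head.bk = &a;
    a.fd = a.bk = &head;
    n.fd = n.bk = unrelated.fd = unrelated.bk = NULL;
}

int stray_write_unchecked(void) {   /* a.bk overwritten, no check */
    reset(); a.bk = &unrelated;
    link_unchecked(&a, &n);
    return unrelated.fd == &n;      /* 1: memory outside the list changed */
}

int corruption_rejected_checked(void) {
    reset(); a.bk = &unrelated;
    return link_checked(&a, &n) == -1 && unrelated.fd == NULL;
}

int intact_list_checked(void) {     /* a healthy list still links fine */
    reset();
    return link_checked(&a, &n) == 0 && head.fd == &n && a.bk == &n;
}

int main(void) {
    printf("unchecked stray write: %d\n", stray_write_unchecked());
    printf("checked rejects:       %d\n", corruption_rejected_checked());
    printf("checked, intact list:  %d\n", intact_list_checked());
    return 0;
}
```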

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:37 EDT

