
Re: Jump back to shellcode Windows overflow

From: Dino Dai Zovi <ddz(at)theta44.org>
Date: Tue Apr 22 2003 - 18:33:58 EDT


Have you tried putting your shellcode after the saved EIP? Use the fact that ESP points to just after the location of the saved EIP as a blessing and just put your shellcode at the end.

[ 396 bytes padding ] [ RET ] [NOP*] [ SHELLCODE ]

You'll often have more room for your shellcode after the saved return address anyway.

Have fun,

-Dino

On Monday, April 21, 2003, at 09:50 PM, <chaboyd77@yahoo.com> wrote:

>
>
> I'm practicing developing Windows Buffer Overflows and

--
          Dino Dai Zovi / ddz@theta44.org / www.theta44.org
       "Bein' Crazy is the least of my worries." - Jack Kerouac
          C439 2B06 D8D2 A2D8 1ABB  0A55 A61D 9057 63F5 9B1F
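As an added illustration (not part of Dino's message), the Python helper below takes a captured crash input and carves it into the regions the layout above predicts: 396 bytes of padding, the 4 bytes that land on the saved return address, and the trailing bytes that sit at ESP once RET pops that address. It then reports whether those trailing bytes open with a NOP sled, which is what an analyst looks for when triaging a crash dump. The 396-byte offset comes from the post; the sled threshold, the sample input and its placeholder return value are constructed for the example.

```python
import struct

NOP = 0x90
PAD_TO_RET = 396   # bytes from buffer start to the saved EIP (layout in the post)
MIN_SLED = 8       # constructed threshold: shortest 0x90 run treated as a deliberate sled


def carve_overflow(data: bytes, pad_len: int = PAD_TO_RET) -> dict:
    """Split a captured input into padding, overwritten return value and
    the bytes that will be at ESP after RET. Returns a dict per region."""
    if len(data) < pad_len + 4:
        # Input never reaches the saved return address: not this overflow shape.
        return {"overflows_ret": False, "length": len(data)}
    ret_bytes = data[pad_len:pad_len + 4]
    trailing = data[pad_len + 4:]
    sled = 0
    for b in trailing:          # count leading 0x90 bytes (x86 NOP)
        if b != NOP:
            break
        sled += 1
    return {
        "overflows_ret": True,
        "length": len(data),
        "ret_value": struct.unpack("<I", ret_bytes)[0],  # little-endian, as on x86
        "trailing_len": len(trailing),
        "nop_sled_len": sled,
        "sled_detected": sled >= MIN_SLED,
        "payload_len": len(trailing) - sled,
    }


def triage(data: bytes) -> str:
    """One-line verdict for a crash input, built from carve_overflow()."""
    info = carve_overflow(data)
    if not info["overflows_ret"]:
        return f"input of {info['length']} bytes does not reach the saved return address"
    verdict = "NOP sled at ESP" if info["sled_detected"] else "no sled at ESP"
    return (f"ret overwritten with 0x{info['ret_value']:08x}; "
            f"{info['trailing_len']} bytes after RET ({verdict}, "
            f"{info['payload_len']} bytes of payload)")


# Constructed sample: padding, a placeholder return value, a 16-byte sled,
# and an inert text marker standing in for the payload region.
SAMPLE = b"A" * PAD_TO_RET + b"\xef\xbe\xad\xde" + b"\x90" * 16 + b"PAYLOAD-MARKER"

if __name__ == "__main__":
    print(triage(SAMPLE))
```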
Received on Wed Apr 23 17:31:09 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:38 EDT
