Pantek Library

Re: strcpy bug

From: xenophi1e <oliver.lavery(at)sympatico.ca>
Date: Sat Jun 07 2003 - 14:34:59 EDT
In-Reply-To: <Law15-F17rjbudzxxfY00026977@hotmail.com>

>
>The windows "Search for files and folders" utility will search binaries and
>can often find the linkage names of functions and dlls they call. None

*Lol*. I never would have thought to use the pretty GUI with the little doggie for anything like this. But of course, it's really just a not-so-good strings / objdump | grep.

>Bah. That 0x104 in the size field of the result string from the also
>stops us feeding too long a string through the W version to the A version.
>D'oh.

Yeah, another obvious problem I realised after posting is that MAX_PATH on Windows is 260 / 0x104. So the overflowable buffer is MAX_PATH characters long. There's some protection since applications that are well written probably won't call a file open sort of function with a filename longer than MAX_PATH. Of course we all know how many applications are actually well written...

>So I guess the answer to your question is "Potentially, IE, OE, MSHta.exe

Hmm, that's a good analysis, thanks. I'll have to have a looksee at t2embed.dll the next time I sit down with IDA.

Cheers,
~x

Received on Mon Jun 9 17:06:56 2003
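Added example, not part of the original message or of the code under discussion: the message notes that a MAX_PATH-sized buffer is only protected as long as callers never pass a longer name, so this sketch shows the length check living in the callee instead. The names `copy_path_checked` and `try_name_of_length` are hypothetical, and the test names are constructed input.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#ifndef MAX_PATH
#define MAX_PATH 260  /* 0x104, the Windows value quoted in the message */
#endif

/* Hypothetical helper: copy a caller-supplied file name into a fixed
 * MAX_PATH buffer. Returns 0 on success, -1 if the name plus its NUL
 * terminator does not fit. dst is an empty string on failure. */
int copy_path_checked(char dst[MAX_PATH], const char *src)
{
    size_t len = 0;

    dst[0] = '\0';
    if (src == NULL)
        return -1;

    /* Scan at most MAX_PATH bytes so an oversized input is rejected
     * without trusting the caller to have measured it first. */
    while (len < MAX_PATH && src[len] != '\0')
        len++;
    if (len == MAX_PATH)        /* no room left for the terminator */
        return -1;

    memcpy(dst, src, len + 1);  /* copies the NUL as well */
    return 0;
}

/* Builds a constructed name of n 'A' characters and tries to copy it.
 * Returns the helper's result, or -2 if n exceeds the scratch buffer. */
int try_name_of_length(size_t n)
{
    char name[512];
    char dst[MAX_PATH];

    if (n >= sizeof name)
        return -2;
    memset(name, 'A', n);
    name[n] = '\0';
    return copy_path_checked(dst, name);
}

int main(void)
{
    printf("259 chars: %d\n", try_name_of_length(259));
    printf("260 chars: %d\n", try_name_of_length(260));
    printf("300 chars: %d\n", try_name_of_length(300));
    return 0;
}
```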

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:40 EDT
