Re: [Dailydave] Non executable memory pages with AMD64 + XP SP2

From: Nicolas RUFF (nicolas.ruffedelweb.fr)
Date: Wed Jan 05 2005 - 12:46:58 CST


> So with it enabled you are getting no errors if you attempt a stack
> based overflow?

Yes, stack-based shellcodes will run fine unless I manually specify /PAE
in the BOOT.INI file.

However Microsoft is currently investigating the problem and I had a
contact today with someone from out there. At first look it *might* be a
problem with multi-boot systems.

Indeed my system is multi-booting Windows 2003 Server and Windows XP Pro
(well ... you know, AMD64 is still expensive so I bought only one :-),
so my NTLDR is Windows 2003 version. From there you can induce that PAE
*might* be enabled by Windows XP NTLDR when /NoExecute parameter is
detected, and not checked thereafter by NTOSKRNL.

I think I will make more tests this weekend and keep you informed.

Regards,
- Nicolas RUFF
-----------------------------------
Security Consultant
EdelWeb (http://www.edelweb.fr/)
Mail : nicolas.ruff (at) edelweb.fr
-----------------------------------
_______________________________________________
Dailydave mailing list
Dailydavelists.immunitysec.com
https://lists.immunitysec.com/mailman/listinfo/dailydave
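
A defender-side check for the condition described in this message, as an added example that is not part of the original post: it lists BOOT.INI entries that request /NoExecute without an explicit /PAE, the configuration the poster reports as leaving the stack executable. The sample file, function name and status labels are constructed for illustration; whether implicit PAE actually fails on a given machine is the poster's observation and is not verified here.

```python
import re

# Constructed sample BOOT.INI for a dual-boot machine like the one described.
SAMPLE_BOOT_INI = r'''[boot loader]
timeout=30
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows Server 2003" /fastdetect /NoExecute=OptOut /PAE
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Professional" /fastdetect /NoExecute=OptIn
multi(0)disk(0)rdisk(0)partition(3)\WINDOWS="Test install" /fastdetect /NoExecute=AlwaysOff
'''

ENTRY = re.compile(r'[^=]+="([^"]*)"(.*)$')        # ARC path="label" switches
SWITCH = re.compile(r'/([A-Za-z0-9]+)(?:=(\S+))?')  # /Name or /Name=Value

def audit_boot_ini(text):
    """Return (label, status) for each entry under [operating systems]."""
    results, in_os = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith('['):
            in_os = line.lower() == '[operating systems]'
            continue
        m = ENTRY.match(line) if in_os else None
        if not m:
            continue
        label, tail = m.groups()
        # Boot switches are case-insensitive, so normalise before comparing.
        sw = {k.lower(): (v or '').lower() for k, v in SWITCH.findall(tail)}
        if sw.get('noexecute') == 'alwaysoff':
            status = 'nx-disabled'
        elif 'noexecute' not in sw:
            status = 'nx-not-requested'
        elif 'pae' in sw:
            status = 'nx-with-explicit-pae'
        else:
            # The case from the post: NX requested, PAE left to the loader.
            status = 'nx-relies-on-implicit-pae'
        results.append((label, status))
    return results

if __name__ == '__main__':
    for label, status in audit_boot_ini(SAMPLE_BOOT_INI):
        print(f'{status:28} {label}')
```

Entries reported as `nx-relies-on-implicit-pae` are the ones to confirm on the running system, since the boot switch alone does not show that NX is enforced.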