Re: hard-coded windows exploits
Jeremy Collake (collake CHARTER.NET)
Tue, 23 Nov 1999 10:41:59 -0500
> When I was playing with hostile thread injection about 2 years ago I found
> that kernel32.dll always seemed to be mapped into a process's address space
> at the same location, and once you have that all you need to do is locate
> GetProcAddress() to get everything else. Has anyone else found this?
Peter, you are partially right. Kernel32.dll will always be mapped to the
same image base; however, this image base varies from win9x to NT4 to NT5 and
there is no guarantee that the kernel32.dll image base will not change in
future service packs.
Jeremy Collake
collake charter.net
http://webpages.charter.net/collake
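As an added illustration of the point in this message (not code from the thread or its authors): the address a DLL prefers to load at is the ImageBase field of its PE optional header, fixed when that particular build is linked, so it can differ from one build to the next. The sketch below reads that field; the sample images and base values are constructed, and `build_sample` and `builds_matching` are hypothetical helper names.

```python
import struct

PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B   # optional-header magic values

def preferred_image_base(data: bytes) -> int:
    """Return the ImageBase field (link-time preferred load address) of a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)    # file offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20               # skip signature and 20-byte COFF header
    if len(data) < opt + 32:
        raise ValueError("truncated optional header")
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == PE32_MAGIC:               # PE32: 4-byte ImageBase at offset 28
        return struct.unpack_from("<I", data, opt + 28)[0]
    if magic == PE32PLUS_MAGIC:           # PE32+: 8-byte ImageBase at offset 24
        return struct.unpack_from("<Q", data, opt + 24)[0]
    raise ValueError(f"unknown optional-header magic {magic:#x}")

def build_sample(magic: int, image_base: int) -> bytes:
    """Constructed header-only image (not a real DLL) for exercising the parser."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)    # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0xE0, 0x2000)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, magic)
    if magic == PE32_MAGIC:
        struct.pack_into("<I", opt, 28, image_base)
    else:
        struct.pack_into("<Q", opt, 24, image_base)
    return dos + b"PE\0\0" + coff + bytes(opt)

def builds_matching(assumed_base: int, builds: dict) -> dict:
    """Map each build name to whether its preferred base equals the assumed one."""
    return {name: preferred_image_base(img) == assumed_base
            for name, img in builds.items()}

# Constructed values: two hypothetical builds of one DLL with different bases.
SAMPLE_BUILDS = {
    "build-a": build_sample(PE32_MAGIC, 0x10000000),
    "build-b": build_sample(PE32_MAGIC, 0x20000000),
}

if __name__ == "__main__":
    for name, ok in builds_matching(0x10000000, SAMPLE_BUILDS).items():
        print(f"{name}: assumed base {'matches' if ok else 'differs'}")
```

The header value is only the preferred address; the loader can place the image elsewhere if that range is unavailable.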
This archive was generated by hypermail 2.0b3 on Tue Nov 23 1999 - 12:54:04 CST