Re: Windows Heap Overflow

From: johnny cyberpunk (johncybpkgmx.net)
Date: Mon Apr 19 2004 - 09:31:54 CDT


hi,

runix: the w00w00 heap tut will not help him.
first the windows heap structure is different from the linux or bsd heaps.
and second the w00w00 heap tut is about bss heap stuff, not malloc/free heap
exploitation.

one paper i know about windows heap exploits was presented by david
litchfield at blackhat windows 2004:

http://www.blackhat.com/presentations/win-usa-04/bh-win-04-litchfield/bh-win-04-litchfield.ppt

and the sample code:

http://www.blackhat.com/presentations/win-usa-04/bh-win-04-litchfield/bh-win-04-litchfield-code.rtf

another nice paper on how to exploit a windows rpc heap bug was written by
dave aitel.

http://www.immunitysec.com/papers/msrpcheap.pdf
http://www.immunitysec.com/papers/msrpcheap2.pdf

hope that helps.

cheers,
johnny cyberpunk / www.thc.org

----- Original Message -----
From: "runix" <runixfallenroot.net>
To: <vuln-devsecurityfocus.com>
Sent: Saturday, April 17, 2004 12:54 AM
Subject: Re: Windows Heap Overflow

> Not specifically windows, but you'll get what you need from this paper
> by w00w00:
> http://www.fallenroot.net/texts/bof/heaptut.txt
>
> On Fri, 2004-04-16 at 20:07, lavmarcofreemail.it wrote:
> > Hi all,
> >
> > Where can i gain complete information (papers, tutorial, etc..)
> > about heap overflow exploitation in windows environment?
> >
> > Is it similar to linux dmalloc chunk overflow?
> >
> > Thank you in advance.
> >
>