Re: PEB heap exploitation question
From: nolimit bugtraq (nolimit.bugtraq gmail.com)
Date: Mon May 23 2005 - 23:35:11 CDT
Hello 6d79676d61696c6163636f756e74,
It's a shame that there's not as much documentation on this subject as
on stack overflows. It's a complex subject, and as such can only be
explained by a handful of people.
http://cansecwest.com/csw04/csw04-Oded+Connover.ppt
This is one of the prominent sources about the method.
The Forced Coalescing method I believe is the method you seek clarity
on. It's sad because there was a much better presentation on heap
overflows and SP2/2k3 protection breaking, but cybertech.net no longer
hosts it.
http://www.phreedom.org/solar/exploits/msasn1-bitstring/
This exploit seems to use the method you are speaking of, right down
to the FastPebLockRoutine overwrite. It also explains it decently well.
Hopefully this will set you off on the right track.
nolimit