Re: PEB heap exploitation question
From: nolimit bugtraq (nolimit.bugtraqgmail.com)
Date: Mon May 23 2005 - 23:35:11 CDT
It's a shame that there's not as much documentation on this subject as
on stack overflows. It's a complex subject, and as such can only be
explained by a handful of people.
This is one of the prominent sources about the method
The Forced Coalescing method I believe is the method you seek clarity
on. It's sad because there was a much better presentation on heap
overflows and SP2/2k3 protection breaking, but cybertech.net no longer
This exploit seems to use the method you are speaking of, right down
to the FastPebLockRoutine overwrite. It also explains decently well.
Hopefully this will set you off on the right track.