RE: Exploiting in Unicode and XP SP2

From: Ben Nagy (ben@iagu.net)
Date: Tue Jun 06 2006 - 22:24:07 CDT


> -----Original Message-----
> From: Ivan Stroks [mailto:ivanstroks@yahoo.co.nz]
> Sent: Tuesday, June 06, 2006 10:30 PM
> To: vuln-dev@securityfocus.com
> Subject: Exploiting in Unicode and XP SP2
>
> I am trying to exploit a stack buffer overflow in a
> Windows Application running in XP SP2.
[...]
> I have found an address with a call [ebp+30] in
> Unicode.nls. In Windows 2000, I can execute the
> instruction located in that memory space, whereas in
> XP, I cannot. Does XP prevent the execution of
> instructions if the memory hasn't Execute access?
> Because I can execute in W2K, but not in XP.

Yes, XPSP2 does (under the default software DEP settings). The protection is
not generic unless you're using hardware DEP, but the page status is checked
during exception handling, so it won't dispatch to an NX page.

ben
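A simplified model of the three behaviours Ben contrasts (no page check on Windows 2000, a check only when the exception dispatcher calls a handler under the XP SP2 software DEP default, a check on every instruction fetch under hardware DEP), added here as an illustration and not part of the original thread; the address map, region names and the mapped address of unicode.nls are constructed, not real values.

```python
from dataclasses import dataclass

# Constructed model of what the reply describes. Not Windows code: the
# protections and addresses below are made up for illustration.
PAGE_READONLY = "r"
PAGE_READWRITE = "rw"
PAGE_EXECUTE_READ = "rx"


@dataclass(frozen=True)
class Region:
    base: int
    size: int
    protect: str  # one of the PAGE_* strings above
    name: str

    def contains(self, addr: int) -> bool:
        return self.base <= addr < self.base + self.size


# Constructed address map (values are placeholders, not real load addresses).
MEMORY_MAP = [
    Region(0x00400000, 0x10000, PAGE_EXECUTE_READ, "app.exe .text"),
    Region(0x00410000, 0x10000, PAGE_READWRITE, "app.exe .data"),
    Region(0x7C900000, 0x90000, PAGE_EXECUTE_READ, "ntdll.dll .text"),
    Region(0x7FFB0000, 0x30000, PAGE_READONLY, "unicode.nls (mapped data)"),
]


def region_for(addr: int, memory_map=MEMORY_MAP):
    return next((r for r in memory_map if r.contains(addr)), None)


def may_execute(addr: int, policy: str, via_exception_dispatch: bool,
                memory_map=MEMORY_MAP) -> bool:
    """True if control may transfer to `addr` under `policy`.

    policy: "none" (Windows 2000 behaviour), "software" (XP SP2 default)
    or "hardware" (NX-capable CPU with DEP enabled for the process).
    via_exception_dispatch: True when the kernel is about to call `addr`
    as an SEH handler, False for an ordinary call/jmp/ret.
    """
    region = region_for(addr, memory_map)
    if region is None:
        return False  # unmapped page: faults under every policy
    executable = "x" in region.protect
    if policy == "none":
        return True  # no protection check at all
    if policy == "hardware":
        return executable  # generic: every fetch from an NX page faults
    if policy == "software":
        # Only the exception dispatcher inspects page protection.
        return executable or not via_exception_dispatch
    raise ValueError(f"unknown policy {policy!r}")
```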