Jeremy Kothe wrote:
>
> Just a general note concerning Windows overflows - most (if not all) of the
> publicly available exploits I have seen floating around are still using
> hard-coded addresses for system calls.
>
> Is this the only way to do this? Note that this method has been around for a
> while, but I haven't seen any public releases of it. If anyone knows of any
> other ways....

I don't think that this is the only way to do it; what about using direct system calls? You don't need addresses for that, just call INT 2e/2c/2b with the correct registers... I can add to this that it may be a little harder to do, but anyway, kernel32.dll calls INTs or calls ntdll.dll, which uses INT 2e/2c/2b to talk with NT's kernel, so everything looks possible with INTs.

richie

--
A390 1BBA 2C58 D679 5A71 - 86F9 404F 4B53 3944 C2D0
Investigacion y Desarrollo - CoreLabs - Core SDI
http://www.core-sdi.com

---
For a personal reply use gera@core-sdi.com
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:13:07 PDT