Re: hardcoded windows exploits

From: Jeremy Kothe (paceflowat_private)
Date: Wed Nov 17 1999 - 14:10:16 PST

    >Well, IMO using such a routine is not necessary for something like a buffer
    >overflow in a Ring3-Program under NT. In the win32 environment, all your
    >applications that reside in the pageable memory pool (ALL User-Mode Apps)
    >will always be loaded at a fixed base address. In that scenario, you can
    >just as well use hard-coded addresses, namely those of the functions in the
    >PE-Header of the exploited program.
    
    This is fine IF the target .EXE or .DLL contains the functions you are
    looking for, AND if you don't mind re-coding (or re-adjusting) the exploit
    for each new overflow. With this method, you can write any exploit
    algorithm you choose (use URLDownloadToCacheFileA or winsock as per your
    preference), and it will work with ANY overflow situation.
    
    ______________________________________________________
    Get Your Private, Free Email at http://www.hotmail.com
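The "routine" the reply is talking about is one that finds API addresses at run time instead of baking them into the payload, so the same code works against any overflow and does not depend on where a particular .EXE or .DLL happens to be loaded. The core of such a routine is an export-table walk: take a module base, follow e_lfanew to the NT headers, read DataDirectory[0], and scan the export directory's name and ordinal tables. The C below is an added example, not code from this post or from anyone in the thread. It parses a constructed, minimal "mapped" PE32 image built in memory (all RVAs are buffer offsets, as they are in a loaded module); the module name, export names and function RVAs in it are made up for the example. Finding the real kernel32 base to feed into it (via the PEB, an SEH chain, or a known return address) is a separate step that the example does not cover. A ROR13 hash lookup is included alongside the string lookup because a payload normally avoids embedding API names as strings.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Little-endian field readers/writers: PE headers are little-endian on every host. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* ROR13 string hash: how a payload refers to an export without carrying its name. */
uint32_t hash_ror13(const char *s) {
    uint32_t h = 0;
    for (; *s; s++) h = ((h >> 13) | (h << 19)) + (uint8_t)*s;
    return h;
}

/* Walk the export directory of a PE image mapped at `base`.  Matches by name when
   `name` is non-NULL, otherwise by ROR13 hash.  Returns the export's RVA, or 0. */
static uint32_t walk_exports(const uint8_t *base, const char *name, uint32_t hash) {
    if (rd16(base) != 0x5A4D) return 0;              /* IMAGE_DOS_SIGNATURE "MZ" */
    uint32_t nt = rd32(base + 0x3C);                 /* e_lfanew */
    if (rd32(base + nt) != 0x00004550) return 0;     /* IMAGE_NT_SIGNATURE "PE\0\0" */
    const uint8_t *opt = base + nt + 4 + 20;         /* optional header after 20-byte file header */
    uint32_t dd = (rd16(opt) == 0x20B) ? 112 : 96;   /* DataDirectory offset: PE32+ vs PE32 */
    uint32_t exp_rva = rd32(opt + dd);               /* DataDirectory[0] = export table */
    if (exp_rva == 0) return 0;
    const uint8_t *exp = base + exp_rva;             /* IMAGE_EXPORT_DIRECTORY */
    uint32_t n_names = rd32(exp + 24);               /* NumberOfNames */
    uint32_t funcs   = rd32(exp + 28);               /* AddressOfFunctions */
    uint32_t names   = rd32(exp + 32);               /* AddressOfNames */
    uint32_t ords    = rd32(exp + 36);               /* AddressOfNameOrdinals */
    for (uint32_t i = 0; i < n_names; i++) {
        const char *s = (const char *)(base + rd32(base + names + 4 * i));
        int hit = name ? (strcmp(s, name) == 0) : (hash_ror13(s) == hash);
        if (hit) {
            uint16_t ord = rd16(base + ords + 2 * i); /* unbiased index into AddressOfFunctions */
            return rd32(base + funcs + 4 * ord);
        }
    }
    return 0;
}

uint32_t resolve_export(const uint8_t *base, const char *name) { return walk_exports(base, name, 0); }
uint32_t resolve_export_by_hash(const uint8_t *base, uint32_t hash) { return walk_exports(base, NULL, hash); }

/* Constructed sample: a tiny "mapped" PE32 image exporting three names.
   Hypothetical layout and RVAs; not taken from any real kernel32. */
static uint8_t g_image[0x300];

const uint8_t *build_sample_image(void) {
    uint8_t *b = g_image;
    memset(b, 0, sizeof g_image);
    wr16(b, 0x5A4D);                  /* "MZ" */
    wr32(b + 0x3C, 0x80);             /* e_lfanew -> NT headers at 0x80 */
    wr32(b + 0x80, 0x00004550);       /* "PE\0\0" */
    wr16(b + 0x84, 0x014C);           /* Machine = i386 */
    wr16(b + 0x94, 0xE0);             /* SizeOfOptionalHeader (PE32) */
    uint8_t *opt = b + 0x98;
    wr16(opt, 0x10B);                 /* Magic = PE32 */
    wr32(opt + 92, 16);               /* NumberOfRvaAndSizes */
    wr32(opt + 96, 0x200);            /* export directory RVA */
    wr32(opt + 100, 0x70);            /* export directory size */
    uint8_t *exp = b + 0x200;
    wr32(exp + 12, 0x230);            /* Name -> "KERNEL32.dll" */
    wr32(exp + 16, 1);                /* Base (ordinal bias) */
    wr32(exp + 20, 3);                /* NumberOfFunctions */
    wr32(exp + 24, 3);                /* NumberOfNames */
    wr32(exp + 28, 0x240);            /* AddressOfFunctions */
    wr32(exp + 32, 0x250);            /* AddressOfNames */
    wr32(exp + 36, 0x260);            /* AddressOfNameOrdinals */
    strcpy((char *)b + 0x230, "KERNEL32.dll");
    /* The function table is deliberately not in name order: the ordinal table maps name -> slot. */
    wr32(b + 0x240, 0x1100);          /* slot 0: LoadLibraryA   (made-up RVA) */
    wr32(b + 0x244, 0x1200);          /* slot 1: WinExec        (made-up RVA) */
    wr32(b + 0x248, 0x1000);          /* slot 2: GetProcAddress (made-up RVA) */
    wr32(b + 0x250, 0x270); wr32(b + 0x254, 0x280); wr32(b + 0x258, 0x290); /* name RVAs, sorted */
    wr16(b + 0x260, 2);     wr16(b + 0x262, 0);     wr16(b + 0x264, 1);     /* name -> slot */
    strcpy((char *)b + 0x270, "GetProcAddress");
    strcpy((char *)b + 0x280, "LoadLibraryA");
    strcpy((char *)b + 0x290, "WinExec");
    return b;
}

int main(void) {
    const uint8_t *img = build_sample_image();
    const char *want[] = { "GetProcAddress", "LoadLibraryA", "WinExec", "CreateFileA" };
    for (int i = 0; i < 4; i++)
        printf("%-16s rva=0x%04x  (by hash: 0x%04x)\n", want[i],
               resolve_export(img, want[i]),
               resolve_export_by_hash(img, hash_ror13(want[i])));
    return 0;
}
```

Once GetProcAddress and LoadLibraryA have been resolved this way, everything else (URLDownloadToCacheFileA, the winsock calls, or whatever the payload needs) can be fetched by name through them, which is what lets one payload serve many different overflows.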
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:13:09 PDT