Re: Jump back to shellcode Windows overflow

From: Blue Boar (BlueBoarat_private)
Date: Tue Apr 22 2003 - 10:45:52 PDT


How about just a short or near jmp?  How many bytes between where EIP lands
and your shellcode?  I.E. jmp -128 or something?  EB 80, I think.

						BB

chaboyd77at_private wrote:
>
> I'm practicing developing Windows Buffer Overflows and
> have run into a slight snag.  When I overwrite EIP with
> the address of "jmp ESP" I land below my shellcode instead
> of where the top of the stack used to be:
>
> <-----------400 bytes-------->
> [NOP's........Shellcode...EIP..*<-code jumps here**]



    This archive was generated by hypermail 2b30 : Tue Apr 22 2003 - 12:52:10 PDT