Dear Nobody Mind,

HSJ's shellcode (http://hsj.shadowpenguin.org/misc/iis5mdac_exp.txt) works without using SEH. It should be able to find the kernel32 unless one 'rebases' it to somewhere else.

If you check the aspcode.c (http://packetstormsecurity.nl/0209-exploits/aspcode.c), SEH is used not only in getting the kernel32 base memory, but for other purposes too.

sk

----- Original Message -----
From: "Nobody Mind" <cod3po3tat_private>
To: <vuln-devat_private>
Sent: Thursday, June 26, 2003 4:49 AM
Subject: Getting Base Address using the Structured Exception Handler

> I basically am wondering if anyone has links or can
> post a short explanation of why (not how) using the
> SEH method works for getting the base
> address of kernel32.dll and others?
> Thanks

This archive was generated by hypermail 2b30 : Thu Jun 26 2003 - 08:50:33 PDT