Re: Getting Base Address using the Structured Exception Handler

From: Gerardo Richarte (geraat_private)
Date: Thu Jun 26 2003 - 08:02:59 PDT

Next message: Gerardo Richarte: "Re: Getting Base Address using the Structured Exception Handler"

Previous message: Jose Ronnick: "Re: Shellcode from ASCII"
In reply to: Gerardo Richarte: "Re: Getting Base Address using the Structured Exception Handler"
Next in thread: Gerardo Richarte: "Re: Getting Base Address using the Structured Exception Handler"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Gerardo Richarte wrote:

>     However, now that you ask about it, I can think of two ways to
> use SEH to find kernel32 in memory, however, I'm writing realtime,
> so I'm not sure if it'll work or not (let me know if you try it :-).

>    2nd trick:
>         to know the address of ntdll.dll may be easy using SEH:

    I've been just told by hernan sitting here next to me that this technique
is well know (or just known), and was used before, so, original credits go
to them. If anybody has a pointer for it, please go ahead and send it.

    gera

PS: Of course the 1st trick might also be known

Next message: Gerardo Richarte: "Re: Getting Base Address using the Structured Exception Handler"
Previous message: Jose Ronnick: "Re: Shellcode from ASCII"
In reply to: Gerardo Richarte: "Re: Getting Base Address using the Structured Exception Handler"
Next in thread: Gerardo Richarte: "Re: Getting Base Address using the Structured Exception Handler"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jun 26 2003 - 09:19:21 PDT