Re: Preventing /*exploitation with*/ rebasing

[Shaun Clowes <shaun () securereality com au>]

Hey All,

At 08:57 PM 7/02/2003 +0100, dullien () gmx de wrote:
> Concerning information on TIB and PEB: If you're too lazy to learn
> russian/polish, you might consider taking (a) the wine header files
> (which attempt to document parts of these structures) and (b) a
> debugger and go spellunking yourself.
> Oh, and MS does provide some limited information:
> http://msdn.microsoft.com/msdnmag/issues/02/08/EscapefromDLLHell/default.aspx

Incase anyone is wondering about these Russian papers on the reverse 
engineered contents of the PEB and TIB there have been a number of posts to 
the newsgroups with the structures in question. You don't have to 
understand Russian given that the field names make most of them pretty 
obvious, check out:

http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&q=_NT_TEB&btnG=Google+Search

Cheers,
Shaun