Dailydave mailing list archives
Re: Understanding Windows Heap Overflows
From: Nicolas Waisman <nicolas () immunitysec com>
Date: Fri, 7 Oct 2005 11:42:36 -0400
The best way to learn is going real. I would recommend you try exploiting MS05_021 (the X-LINK2STATE bug); with that bug you will be able to play pretty easily with the heap layout (which is the real challenge in heap exploits: getting whatever primitive you need).

Peace,
Nico

On Fri, Oct 07, 2005 at 10:01:27AM +0100, pbb wrote:
> Thanks guys for all the responses. I've actually had an app I was playing with (that I suspected had a heap overflow that I was trying to exploit) get an overflow with control of the eax and ecx registers, so I thought I had it but couldn't move from there to executing code. I haven't looked at it for a while, as I knew I didn't understand the technique as well as I thought. I hope that I can step through the examples you guys have given me and progress ever so slightly in my knowledge of these types of exploitation. I've been stepping through Brett's link and hope this will get me over the issue I was having. I'm not sure if it's because the app I was looking at was multithreaded, and the overflows are not simple like a stack one, where at the end of the overflowed function it executes. I'll try and look at Matt's example over the weekend. Thanks for the help.
>
> Paul.