Metasploit mailing list archives
2 nice pop/pop/ret :) (update)
From: hdm at metasploit.com (H D Moore)
Date: Wed, 9 Mar 2005 03:33:04 -0600
This actually works on SP0, SP1, SP1a, and SP2 (the last one is a ret 0x16 vs a ret 0x04). Unfortunately, pop/pop/ret addresses in a system library are completely useless under SP2 when exploiting SEH frame overwrites.

-HD

On Wednesday 09 March 2005 03:01, class 101 wrote:
0x71ABE325 pop esi - pop - retbis - WS2_32.DLL