Metasploit mailing list archives
How to exploit unhandled exception
From: mmiller at hick.org (mmiller at hick.org)
Date: Mon, 12 Feb 2007 10:06:54 -0800
On Mon, Feb 12, 2007 at 11:46:52AM +0100, Thomas Werth wrote:
> EIP 727F1FC3 -> mfc42u.dll:727F1FC3 db 0CCh //above and behind even more 0cch
It looks like you're hitting a breakpoint exception (given that eip is executing a 0xcc). Somehow you are causing execution to hit an int3 that's embedded in msvcrt. Since you say there are more 0xcc's around it, I'm guessing that it's hitting in an area of padding between functions. You'll have to use the debugger to try to figure out why execution is being transferred to this address. There really isn't any one best strategy to go about this, but if you can get a basic idea of parent functions, you can breakpoint your way to the problem.
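The padding guess in the reply above can be checked mechanically from a memory dump around the faulting address. The following is an added example, not part of the original message: `classify_eip`, the sample bytes and the base address are constructed for illustration (only the EIP value comes from the thread), and the padding test is a heuristic that assumes the compiler fills gaps between functions with 0xCC up to a 16-byte-aligned function start.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum eip_kind { EIP_NOT_INT3, EIP_LONE_INT3, EIP_INTERFUNCTION_PADDING };
struct triage { enum eip_kind kind; uint32_t run_start, run_end; }; /* run is [start, end) */

/* win: bytes dumped around the fault; base: address of win[0]; eip: faulting address. */
static struct triage classify_eip(const uint8_t *win, size_t len, uint32_t base, uint32_t eip)
{
    struct triage t = { EIP_NOT_INT3, eip, eip };
    size_t i, lo, hi;
    if (eip < base || (i = eip - base) >= len || win[i] != 0xCC)
        return t;                       /* outside the window, or not an int3 */
    /* Grow the run of 0xCC bytes in both directions from EIP. */
    for (lo = i; lo > 0 && win[lo - 1] == 0xCC; lo--) {}
    for (hi = i + 1; hi < len && win[hi] == 0xCC; hi++) {}
    t.run_start = base + (uint32_t)lo;
    t.run_end = base + (uint32_t)hi;
    /* Heuristic (assumption): padding follows a ret (C3) or ret imm16 (C2 iw)
       and/or runs up to a 16-byte-aligned function start. */
    int after_ret = (lo >= 1 && win[lo - 1] == 0xC3) || (lo >= 3 && win[lo - 3] == 0xC2);
    int aligned_end = hi < len && t.run_end % 16 == 0;
    t.kind = (hi - lo > 1 && (after_ret || aligned_end)) ? EIP_INTERFUNCTION_PADDING
                                                         : EIP_LONE_INT3;
    return t;
}

/* Constructed sample window; only the EIP value below appears in the thread. */
#define SAMPLE_BASE 0x727F1FB0u
static const uint8_t SAMPLE[] = {
    0x55, 0x8B, 0xEC, 0x8B, 0x45, 0x08, 0x33, 0xC0, 0x90, 0x90, 0x5D, /* function body */
    0xC2, 0x04, 0x00,                                                 /* ret 4 */
    0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC,             /* 18 bytes of int3 */
    0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC,
    0x8B, 0xFF, 0x55, 0x8B, 0xEC                                      /* next function prologue */
};

int main(void)
{
    struct triage t = classify_eip(SAMPLE, sizeof SAMPLE, SAMPLE_BASE, 0x727F1FC3u);
    printf("kind=%d run=[%08X, %08X)\n", (int)t.kind, (unsigned)t.run_start, (unsigned)t.run_end);
    return 0;
}
```

If the result is inter-function padding, the useful breakpoints are on whatever transferred control there, as the reply says, since nothing in the padding itself was meant to execute.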