Vulnerability Development mailing list archives

Re: Win32 Shellcode question.


From: sk <sk () scan-associates net>
Date: Sun, 30 Nov 2003 03:35:07 +0800

After the overflow, I can step through the NOP sled, and reach the above payload - meaning I have control over the CPU's exec path, and can make it execute my payload. However, I keep getting an "Access Violation" writing location.. error inside the "call eax" that corresponds with LoadLibrary("msvcrt").

It looks to me like you should adjust the ESP first. If the ESP is just below your code, you may end up overwriting your own shellcode. Or if it is too near the beginning of a page, you won't get enough stack to work with. Adjusting ESP may help to fix the problem.

sk

