Vulnerability Development mailing list archives
overwriting SEH and debugging
From: opexoc () gmail com
Date: 20 Dec 2007 16:05:24 -0000
Hello, I am in situation that I have successfully overwrite SEH in some app. I know that because when I am debugging this app I get exception ( access violation ) and then I can thanks to go to fs:[0] find out what is in first SEH structure. I have overwritten this SEH by ordinary \xeb\x30\x90\x90 and address of POP edi/POP esi/RET 8 instruction in shell32 module. I am wondering why when I press SHIFT+F9 in ollydbg I get "Debugged program was unable to process exception". But when I overwrite address of handler in SEH by for example: \x41\x42\x43\x44 then when I press SHIFT+F9 I get that 0x44434241 cannot be accessed - so next exception - as it should be. Where is a problem? opexoc
Current thread:
- overwriting SEH and debugging opexoc (Dec 20)
- Re: overwriting SEH and debugging H D Moore (Dec 21)
- Re: overwriting SEH and debugging Dude VanWinkle (Dec 24)
- Re: overwriting SEH and debugging H D Moore (Dec 24)
- Re: overwriting SEH and debugging Dude VanWinkle (Dec 24)
- Re: overwriting SEH and debugging H D Moore (Dec 21)