[framework] XMPlayer PLS Buffer Overflow Module
H D Moore
hdm at metasploit.com
Tue Nov 28 22:19:15 CST 2006
FYI, you can also use 'memdump.exe' in the tools directory of v2.7. This
will create a directory containing the process image broken into files
based on the virtual address. The msfpescan -d <dir> option can be used
to find return addresses in the memdump.exe output. Just cross-reference
the opcode matches with the virtual addresses to determine which ones
fall into the application's DLLs.
Really short on free time lately, or I would do it myself :-/
-HD
On Tuesday 28 November 2006 21:58, Greg Linares wrote:
> Hate to double post, but that tool Jerome mentioned is called EEReap
> from eEye. If no one grabs a universal address by tomorrow I'll
> probably dive in and try for it :)