[framework] Metasploit vs ANI
mmiller at hick.org
Wed Apr 4 01:30:37 CDT 2007
What version of user32.dll do you have? What is the instruction at
77d525ba? The partial overwrite is succeeding, but it appears you have
something other than a call [ebx+4] at this location.
On Wed, Apr 04, 2007 at 08:26:44AM +0200, Thomas Werth wrote:
> ok here are details
>
> msf 3 latest updates running on bt2 hd install. Using
> win/shell/bind_tcp payload
> Test vmware windows xp sp2 german no ani patch installed, running as admin.
> Using OllyDbg on IE.
> WinXp connects to given msf random uri as soon as msf shows ready signals.
>
> OllyDbg is catching on error:
> EAX ED40601B
> ECX 7C92056D ntdll.7C92056D
> EDX 00000000
> EBX 0012DF80
> ESP 0012DECC
> EBP FED47515
> ESI 0012DEFC ASCII "anih$"
> EDI 0012DECC
> EIP 77D525BA USER32.77D525BA
> C 0 ES 0023 32bit 0(FFFFFFFF)
> P 1 CS 001B 32bit 0(FFFFFFFF)
> A 0 SS 0023 32bit 0(FFFFFFFF)
> Z 1 DS 0023 32bit 0(FFFFFFFF)
> S 0 FS 003B 32bit 7FFDF000(FFF)
> T 0 GS 0000 NULL
> D 0
> O 0 LastErr ERROR_INVALID_PARAMETER (00000057)
> EFL 00010246 (NO,NB,E,BE,NS,PE,GE,LE)
> ST0 empty -??? FFFF 0084837B 6B84837B
> ST1 empty -??? FFFF 00000000 6B000000
> ST2 empty -??? FFFF 00000084 0083007B
> ST3 empty -??? FFFF 00000084 0083007B
> ST4 empty -??? FFFF 6B84837B 6B84837B
> ST5 empty -??? FFFF 00000084 0083007B
> ST6 empty 1.0000000000000000000
> ST7 empty 1.0000000000000000000
> 3 2 1 0 E S P U O Z D I
> FST 4000 Cond 1 0 0 0 Err 0 0 0 0 0 0 0 0 (EQ)
> FCW 027F Prec NEAR,53 Mask 1 1 1 1 1 1