[framework] Executable Download and Execute - payload
J.M. Seitz
jms at bughunter.ca
Sat Dec 15 22:00:11 CST 2007
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hmmm. Here are a few things to try:
1) Instead of using 0x90's for your sled use 0xCC and trace the
execution of the shellcode.
2) When the first access violation occurs make sure you are doing a
SHIFT+F7/F8/F9 which will pass the exception to the debugged process.
JS
Jan Grzdyl wrote:
> Hello,
>
> Could anyone tell me why when I am debugging program which is executing
> "Windows Executable Download and Execute" payload then it occurs problem
> with SEH executing - ollydbg says that debugged program can't handle the
> exception and after that it terminates the program. But, when I run this
> program normally - it is not debugged - then this program with you shellcode
> works properly.
>
> best,
> opexoc
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFHZKLLKEj7ZJktQNsRAhKIAJ4+fTeBBdpQG55ux7uuqR3WuBx6KQCgm44n
yvwbtRbcwXl9brxuA7+seLU=
=U2To
-----END PGP SIGNATURE-----
More information about the framework
mailing list