[framework] Executable Download and Execute - payload
Jan Grzdyl
opexoc at gmail.com
Sun Dec 16 11:27:11 CST 2007
> > I try to exploit some app and in my exploit I overwrite SEH - this shellcode
> > does not work for this exploit.
>
> I am not 100% sure what you're saying here: do you mean that you can
> successfully control EIP, but the shellcode doesn't execute?
>
> If you are using the typical POP/POP/RET trampoline for your SEH
> overwrite, then set a breakpoint on the address of the POP/POP/RET and
> make sure that it's actually being hit.
Yes, I am using the typical POP/POP/RET trampoline for my SEH overwrite. Yes, it
is being hit. Afterwards, the shellcode is executed. Unfortunately this
shellcode does not work in this situation. I suspect that it could be caused
by the fact that my exploit is overwriting SEH, and when the shellcode throws
an exception it can't be handled.
But I am not convinced that this shellcode really throws an exception, because
when I normally run such a program in a debugger:
/* Minimal harness: place the shellcode bytes in a buffer and jump into it.
   The buffer has to live in executable memory; with DEP/NX enabled the
   call below faults before a single shellcode instruction runs. */
unsigned char scode[] =
    "<Your shellcode>";

int main(void)
{
    /* Cast the buffer to a function pointer and call it. */
    ((void (*)(void)) scode)();
    return 0;
}
then there are no exceptions, but when I step through the program
instruction by instruction (F8 in Olly), an exception is thrown which can't be
handled. It is very weird.
best,