[framework] A Wee Bit of Help
mmiller at hick.org
Fri Mar 16 15:50:05 CDT 2007
On Fri, Mar 16, 2007 at 03:30:33PM -0500, H D Moore wrote:
> This exception indicates that you control a pointer that is being
> dereferenced and compared with zero. This is not exploitable for anything
> other than a denial of service. By placing a valid value into the EAX
> register, you prevent the process from crashing, but you have no control
> over execution. There may be another way to trigger code execution, but
> changing the value of EAX to be a valid address is probably not it.
>
> Something you might want to try is making EAX point to a DWORD with the
> value 0 (i.e. 4 NULL bytes). This may change the logic of the application
> and continue on to an exploitable exception.
A good, reliable address to use for this would be something like
0x7ffe0504 which is an unused (zero initialized) portion of
SharedUserData. It won't move around on you.