[framework] ani_loadimage_chunksize problem

Thomas Werth security at vahle.de
Wed Oct 24 09:17:34 CDT 2007


Ohh,
what an "easy" reason :)

On Windows, code execution protection is activated for all programs.
IDA doesn't show the X flag for the stack segment, so execution isn't allowed.
So it seems the msf payload does nothing magic to circumvent code execution
protection and IDA properly prompts wrong message ...



H D Moore wrote:
> Could it be that the stack is non-executable on your platform and IDA is 
> misinterpreting the exception code?
> 
> -HD
> 
> On Wednesday 24 October 2007, Thomas Werth wrote:
>> Now the jmp esp is done and lands in stack.
>>
>> But then the same exception is thrown.
>> "Memory could not be written The instruction at 0x12decc referenced
>> memory at 0x12decc. The memory could not be written (0x12decc ->
>> 12decc)" Strange is that Segment is marked as W & D public Stack.
>> So write access should be granted...
>> Although why in general is there a write access violation when
>> performing a nop or former a jmp esp?
>>
>> Any help and clarification is welcome.
> 
> 



