Vuln Dev
Re: SEH and overwrite EIP Dec 01 2007 12:03AM
opexoc gmail com
maybe I have formulated badly this question. I mean that if we can overwrite return address of the function properly ( without access violation ) then we can overwrite SEH properly ( without access violation ) and if we can overwrite SEH properly then we can overwrite return address properly. So it seems ( for me ) that SEH overwrite is equivalent to return address overwrite. Since return address is more simple to handle, so there is no need to play with SEH. So why hackers play with it? ( I talk there only about defualt SEH, which is encountered during access violation - i.e http://www.milw0rm.com/exploits/4651 ) Maybe I miss something very important there.

best,

opexoc

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus