Vuln Dev
overwriting SEH and debugging Dec 20 2007 04:05PM
opexoc gmail com (1 replies)
Hello,

I am in situation that I have successfully overwrite SEH in some app. I know that because when I am debugging this app I get exception ( access violation ) and then I can thanks to go to fs:[0] find out what is in first SEH structure.

I have overwritten this SEH by ordinary \xeb\x30\x90\x90 and address of POP edi/POP esi/RET 8 instruction in shell32 module. I am wondering why when I press SHIFT+F9 in ollydbg I get "Debugged program was unable to process exception". But when I overwrite address of handler in SEH by for example: \x41\x42\x43\x44 then when I press SHIFT+F9 I get that 0x44434241 cannot be accessed - so next exception - as it should be. Where is a problem?

opexoc

[ reply ]
Re: overwriting SEH and debugging Dec 20 2007 05:36PM
H D Moore (sflist digitaloffense net) (1 replies)
Re: overwriting SEH and debugging Dec 22 2007 07:19PM
Dude VanWinkle (dudevanwinkle gmail com) (1 replies)
Re: overwriting SEH and debugging Dec 22 2007 07:35PM
H D Moore (sflist digitaloffense net)


 

Privacy Statement
Copyright 2010, SecurityFocus