[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] exploiting/debugging the UnhandledExceptionFilter

To: <Full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] exploiting/debugging the UnhandledExceptionFilter
From: "RaMatkal" <ramatkal@xxxxxxxxxxx>
Date: Tue, 21 Jun 2005 15:04:46 +0200

Hi,

I am working on a Win heap overflow that gives me control of eax and ecx and 
hence allows me to write a double word of memory to an arbitrary location...

I overwrite the SetUnhandledException filter with an address that will bounce 
me back to my shellcode.

the only problem is, that the unhandledexception filter does not get called 
while the vulnerable process is being debugged, say with ollydbg.

I think i remember reading somewhere that it is possible to make the 
UnhandledException filter get called from within a standard debugger such as 
ollydbg and was wandering if anyone knows how to do this...

(Kernel level debugger is not an option ie SoftIce)

Thanks very much

RaMatkal

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- Re: [Full-disclosure] exploiting/debugging the UnhandledExceptionFilter
  - From: class

Prev by Date: Re: [Full-disclosure] thunderbird privacy...
Next by Date: Re: [Full-disclosure] thunderbird privacy...
Previous by thread: Re: [Full-disclosure] thunderbird privacy...
Next by thread: Re: [Full-disclosure] exploiting/debugging the UnhandledExceptionFilter
Index(es):
- Date
- Thread