[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] win32 exploit development - weirdness??

To: <full-disclosure@xxxxxxxxxxxxxxxxx>
Subject: [Full-disclosure] win32 exploit development - weirdness??
From: "RaMatkal" <RaMatkal@xxxxxxxxxxx>
Date: Tue, 27 Dec 2005 14:54:36 +0200

having one of those days....im about ready to put my foot through my 
computer....

writing stack overflow on win32 arc...

i overflow eip with a pop/pop/ret, jump to my bind shellcode and im 
away.....all works perfectly but....

when i attach to the process with my debugger and step through the exploit, it 
works 100% of the time....however, when i try and exploit the server without 
the debugger attached, the service just seems to crash.....

anyone have any idea what could cause this sort of behaviour?
anyone have an idea how i can take a look at what is going wrong? remember, 
when i attach my debugger it works!!!

Thanks in advance,
RaMatkal

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Follow-Ups:
- RE: [Full-disclosure] win32 exploit development - weirdness??
  - From: Jose Ignacio Sanchez

Prev by Date: Re: [Full-disclosure] iDefense Security Advisory 12.14.05: Trend Micro PC-Cillin Internet Security Insecure File Permission Vulnerability
Next by Date: [Full-disclosure] [SECURITY] [DSA 928-1] New dhis-tools-dns packages fix insecure temporary file creation
Previous by thread: [Full-disclosure] [SECURITY] [DSA 927-1] New tkdiff packages fix insecure temporary file creation
Next by thread: RE: [Full-disclosure] win32 exploit development - weirdness??
Index(es):
- Date
- Thread