[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Full-disclosure] win32 exploit development - weirdness??
- To: <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: RE: [Full-disclosure] win32 exploit development - weirdness??
- From: "Jose Ignacio Sanchez" <sanchez@xxxxxxxxxxx>
- Date: Tue, 27 Dec 2005 16:16:08 +0100
It is possible that the return address to your shellcode changes when the
debugger is not attached.
So you are jumping to another place and the program crashes.
... just an idea... :)
BR
Topo[LB]
-----Original Message-----
From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
[mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx]On Behalf Of RaMatkal
Sent: martes, 27 de diciembre de 2005 13:55
To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] win32 exploit development - weirdness??
having one of those days....im about ready to put my foot through my
computer....
writing stack overflow on win32 arc...
i overflow eip with a pop/pop/ret, jump to my bind shellcode and im
away.....all works perfectly but....
when i attach to the process with my debugger and step through the
exploit, it works 100% of the time....however, when i try and exploit the
server without the debugger attached, the service just seems to crash.....
anyone have any idea what could cause this sort of behaviour?
anyone have an idea how i can take a look at what is going wrong?
remember, when i attach my debugger it works!!!
Thanks in advance,
RaMatkal
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/