[Full-disclosure] ms08-067 Exploit Technologies
- To: <full-disclosure@xxxxxxxxxxxxxxxxx>
- Subject: [Full-disclosure] ms08-067 Exploit Technologies
- From: yuange <yuange1975@xxxxxxxxxxx>
- Date: Fri, 29 Jan 2010 14:24:20 +0000
http://hi.baidu.com/yuange1975/blog/item/d648f4f0e1a925c87931aad7.html
The exploit needs two 0x5c: one is len, the other is ptr. You can control ptr.
memory:
vista: 0x00000209 len=5c 0x00000209 ch=0x0000005c a b
ebp ret 00000000 outcopy ptr e out bbbbbb
win2003: len=0x0000005c wcslen ptr1 ecx ebp ret 00000000
outcpy ptr e out bbbbbb
winxp: len=0x0000005c wcslen ptr1 ecx ebp ret 00000000
outcpy ptr e out bbbbbb
win2000: ptr 5c r 00000000 outcpy ptr
bbbbbbbbbbbbbbbbb out
yuange
http://hi.baidu.com/yuange1975/blog
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/