Jeremy Kothe wrote:
>
> Just a general note concerning Windows overflows - most (if not all) of the
> publicly available exploits I have seen floating around are still using
> hard-coded addresses for system calls.
>
> Is this the only way to do this? Note that this method has been around for a
> while, but I haven't seen any public releases of it. If anyone knows of any
> other ways....
I don't think that this is the only way to do it, what about
using direct
system calls? you don't need addresses for that, just call INT 2e/2c/2b
with the
correct registers...
I can add to this, that it may be a little harder to do, but
anyway,
kernel32.dll calls INTs or calls ntdll.dll that uses INT 2e/2c/2b to
talk with NT's kernel, so everithing looks like possible with INTs.
richie
--
A390 1BBA 2C58 D679 5A71 - 86F9 404F 4B53 3944 C2D0
Investigacion y Desarrollo - CoreLabs - Core SDI
http://www.core-sdi.com
--- For a personal reply use [EMAIL PROTECTED]
