>Well, IMO using such a routine is not necessary for something like a buffer
>overflow in a Ring3-Program under NT. In the win32 environment, all your
>applications that reside in the pageable memory pool (ALL User-Mode Apps)
>will always be loaded at a fixed base address. In that scenario, you can
>just as well use hard-coded addresses, namely those of the functions in the
>PE-Header of the exploited program.
This is fine IF the target .EXE or .DLL contains the functions you are
looking for, AND if you don't mind re-coding (or re-adjusting) the exploit
for each new overflow - with this method, you can write any exploit
algorithm you choose - use URLDownloadToCacheFileA or winsock as per your
preference, and it will work with ANY overflow situation.
______________________________________________________
Get Your Private, Free Email at http://www.hotmail.com
