[prev in list] [next in list] [prev in thread] [next in thread] 

List:       vuln-dev
Subject:    exploiting/debuggin SetUnhandledException filter
From:       RaMatkal () hotmail ! com
Date:       2005-06-20 8:05:31
Message-ID: 20050620080531.32508.qmail () securityfocus ! com
[Download RAW message or body]

Hi,

I am working on a Win heap overflow that gives me control of eax and ecx and hence \
allows me to write a double word of memory to an arbitrary location...

I overwrite the SetUnhandledException filter with an address that will bounce me back \
to my shellcode.

the only problem is, that the unhandledexception filter does not get called while the \
vulnerable process is being debugged, say with ollydbg.

I think i remember reading somewhere that it is possible to make the \
UnhandledException filter get called from within a standard debugger such as ollydbg \
and was wandering if anyone knows how to do this...

(Kernel level debugger is not an option ie SoftIce)

Thanks very much

RaMatkal


[prev in list] [next in list] [prev in thread] [next in thread]