Network Security: Detailed info on [Full-disclosure] exploiting/debugging the UnhandledExceptionFilter

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security FullDisclosure

[Top] [All Lists]

[Full-disclosure] exploiting/debugging the UnhandledExceptionFilter

from [RaMatkal] Network Security

[Permanent Link]

Subject:	[Full-disclosure] exploiting/debugging the UnhandledExceptionFilter
Date:	Tue, 21 Jun 2005 15:04:46 +0200

Hi,

I am working on a Win heap overflow that gives me control of eax and ecx and 
hence allows me to write a double word of memory to an arbitrary location...

I overwrite the SetUnhandledException filter with an address that will bounce 
me back to my shellcode.

the only problem is, that the unhandledexception filter does not get called 
while the vulnerable process is being debugged, say with ollydbg.

I think i remember reading somewhere that it is possible to make the 
UnhandledException filter get called from within a standard debugger such as 
ollydbg and was wandering if anyone knows how to do this...

(Kernel level debugger is not an option ie SoftIce)

Thanks very much

RaMatkal

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[Full-disclosure] exploiting/debugging the UnhandledExceptionFilter, RaMatkal <= Re: [Full-disclosure] exploiting/debugging the UnhandledExceptionFilter, class

Previous by Date:	Re: [Full-disclosure] thunderbird privacy..., sec-list
Next by Date:	Re: [Full-disclosure] thunderbird privacy..., Thomas Springer
Previous by Thread:	[Full-disclosure] thunderbird privacy..., christos_gentsis
Next by Thread:	Re: [Full-disclosure] exploiting/debugging the UnhandledExceptionFilter, class
Indexes:	[Date] [Thread] [Top] [All Lists]