help shed light on buffer overflow

Networking/Security Forums -> Exploits // System Weaknesses

Author: jake2891 PostPosted: Mon Mar 29, 2010 11:51 am    Post subject: help shed light on buffer overflow
    ----
Hey guys, ive been trying to execute my shellcode through an application that has a buffer overflow. my question is that it takes over 60000 "A's" to over flow the buffer and then only the eax,ecx,edx register states 41414141 no matter how long i make the string it never reaches the esp or ebp or eip? It does state access violation executing 4141414 so i know its hitting my code although i cant understand why i cant get esp or esb to point to my code. It does not have sseh it does seem to hit the default seh handler but no matter how long my buffer is it never seems to overwrite this and no warnings come up stating stack cookies was corrupted and i have disabled dep for the application for testing. any ideas thanks?

Author: gnix PostPosted: Mon Apr 05, 2010 7:25 am    Post subject:
    ----
Hello jake2891,

I am not sure what your problem is, but I think you are trying to overwrite the EIP in "strange" way.

Normally, a buffer is located in the heap or on the stack where sometimes is stored the EIP (return address of a function), but not the general purpose registers (EAX, EBX, etc.) except for the stack pointer. So, I don't understand how it is possible that you overwrite EAX, EBX, ECX, and EDX through a buffer.

Maybe, there are some instructions that load 0x41...41 in each register??

Post two or three outputs of GDB with the following commands and maybe I can help you.

Code:
run
run AAAAAAA
run $(perl -e 'print "A"x60000')


gnix



Networking/Security Forums -> Exploits // System Weaknesses


output generated using printer-friendly topic mod, All times are GMT + 2 Hours

Page 1 of 1

Powered by phpBB 2.0.x © 2001 phpBB Group