
help shed light on buffer overflow

Networking/Security Forums Index -> Exploits // System Weaknesses

jake2891
Joined: 20 Mar 2010
Posts: 0

Posted: Mon Mar 29, 2010 11:51 am    Post subject: help shed light on buffer overflow

Hey guys, I've been trying to execute my shellcode through an application that has a buffer overflow. My question is that it takes over 60000 "A"s to overflow the buffer, and then only the EAX, ECX, EDX registers state 41414141; no matter how long I make the string, it never reaches ESP or EBP or EIP? It does state access violation executing 41414141, so I know it's hitting my code, although I can't understand why I can't get ESP or EBP to point to my code. It does not have SSEH; it does seem to hit the default SEH handler, but no matter how long my buffer is it never seems to overwrite this, and no warnings come up stating stack cookies were corrupted, and I have disabled DEP for the application for testing. Any ideas? Thanks.
gnix
Joined: 11 Dec 2009
Posts: 0

Posted: Mon Apr 05, 2010 7:25 am

Hello jake2891,

I am not sure what your problem is, but I think you are trying to overwrite the EIP in a "strange" way.

Normally, a buffer is located on the heap or on the stack, where the EIP (the return address of a function) is sometimes stored, but not the general-purpose registers (EAX, EBX, etc.), except for the stack pointer. So, I don't understand how it is possible that you overwrite EAX, EBX, ECX, and EDX through a buffer.

Maybe there are some instructions that load 0x41...41 into each register?

Post two or three GDB outputs from the following commands and maybe I can help you.

Code:
run
run AAAAAAA
run $(perl -e 'print "A"x60000')


gnix
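An added example, not code from either poster: it models the situation gnix suggests in reply to jake2891, a buffer followed in memory by a pointer that the program later loads into a register and calls, so the crash reads "executing 41414141" while ESP and EBP stay untouched. It also replaces the 60000 "A"s with the cyclic "Aa0Aa1..." pattern, so the value that lands in the register tells you which input offset reached it. The struct layout, the 64-byte buffer and the pattern are constructed for illustration and are not the original application's layout.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Fill buf with len bytes of the cyclic "Aa0Aa1Aa2...Zz9" pattern.
 * The pattern repeats every 26*26*10*3 = 20280 bytes, so for longer
 * inputs a register value maps to its first occurrence. */
size_t pattern_create(char *buf, size_t len) {
    size_t n = 0;
    for (char u = 'A'; u <= 'Z' && n < len; u++)
        for (char l = 'a'; l <= 'z' && n < len; l++)
            for (char d = '0'; d <= '9' && n < len; d++) {
                char t[3] = { u, l, d };
                for (int i = 0; i < 3 && n < len; i++)
                    buf[n++] = t[i];
            }
    return n;
}

/* Given the 32-bit little-endian value seen in a register (e.g. EAX),
 * return the input offset that produced it, or -1 if it is not in the pattern. */
long pattern_offset(const char *pat, size_t len, uint32_t value) {
    unsigned char needle[4];
    for (int i = 0; i < 4; i++)
        needle[i] = (unsigned char)((value >> (8 * i)) & 0xff);
    for (size_t i = 0; i + 4 <= len; i++)
        if (memcmp(pat + i, needle, 4) == 0)
            return (long)i;
    return -1;
}

/* Constructed layout: a fixed buffer with a function pointer right after it,
 * like a callback or object pointer the program later does "mov eax,[ptr]; call eax" on.
 * Overflowing buf rewrites handler, not the saved EBP or return address. */
struct frame {
    char buf[64];
    void (*handler)(void);
};

/* Simulate the unchecked copy into the frame and return the (low 32 bits of the)
 * pointer value the program would load into a register and call. The copy is
 * done on a raw byte image of the struct so the overwrite is well defined here. */
uint32_t overflow_frame(const char *input, size_t input_len) {
    unsigned char raw[sizeof(struct frame)];
    memset(raw, 0, sizeof raw);
    size_t n = input_len < sizeof raw ? input_len : sizeof raw;
    memcpy(raw, input, n);                      /* the bounds-free copy */
    uint32_t v;
    memcpy(&v, raw + offsetof(struct frame, handler), sizeof v);
    return v;                                   /* what EAX would hold before the call */
}

/* With all 'A's the register simply shows 0x41414141, which says nothing about where. */
uint32_t demo_all_a(void) {
    char input[200];
    memset(input, 'A', sizeof input);
    return overflow_frame(input, sizeof input);
}

/* With the cyclic pattern the same register value locates the controlling bytes. */
long demo_offset(void) {
    size_t len = 60000;
    char *pat = malloc(len);
    if (!pat) return -1;
    pattern_create(pat, len);
    uint32_t reg = overflow_frame(pat, len);
    long off = pattern_offset(pat, len, reg);
    free(pat);
    return off;
}

int main(void) {
    printf("all-A input: register = 0x%08x\n", demo_all_a());
    printf("pattern input: controlling bytes start at offset %ld\n", demo_offset());
    return 0;
}
```

Run the target under the debugger with the pattern instead of "A"s and feed the crashing register value to pattern_offset; the offset it returns is where the pointer sits relative to the start of your input, which is usually far less than 60000 bytes when the overwritten value is a pointer the code dereferences rather than the saved return address.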