
ecx overwritten + overflow


blowfrank
December 21st, 2010, 09:45
Hello all,
I kindly ask if someone could explain to me, in a simple way, the "right" steps to put the right address into ecx to land inside myjunk.
This is my "actual" situation:

ecx offset is 15000
myjunk = "A"*15000
ecxaddress = ?? How can I check which readable address I need to put here?? I'm using Immunity Debugger.

I noticed that there is another thread below, but it is not clear to me (I have the same problem):
t-13375.html
Sorry for the noob question!! Hope that you can understand.
Thanks a lot,
Luc

evlncrn8
December 21st, 2010, 10:03
Well, first of all it might be an idea to give us an idea of what you are actually doing..

blowfrank
December 21st, 2010, 10:31
Yes, sure, nothing special.. I'm playing with a small custom application and I found a buffer overflow, so I'm trying to exploit it just for fun. Below is the stack record:
The stack:

eax 00000003
ecx 42424242
eip 0048AD90 appl.0048AD90

Best regards

ekse
December 21st, 2010, 12:36
This might not be exploitable since EIP was not overwritten. The debugger stopped because of an access violation; look at what instruction the debugger stopped at to see if it is a read or write error. If it's a write error and you can control both the destination and the content, this might be exploitable. Also, you should try to pass the exception (Shift-F9) to see if the SEH chain is overwritten. You can also try with a shorter/longer buffer.

Needless to say you will need a basic understanding of assembly to exploit this. If you are just starting with exploit writing you might want to try a simpler one where you directly overwrite EIP.
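The register dump in the thread (ecx holding 42424242 after a 15000-byte buffer) is the usual sign of a pointer field sitting next to an unchecked buffer: the filler bytes overrun into the pointer, and the crash happens when the program later loads that pointer into a register and dereferences it. The C below is an added example, not code from this thread or from the application being discussed; the `struct record` layout, the copy functions and the 'B' filler are constructed to show the mechanism beside its bounds-checked fix. The overrun is modelled by copying into the struct's raw storage so the demonstration stays within defined behaviour.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout: a fixed name buffer directly followed by a pointer-sized
 * field (kept as uint32_t so the test can read it without dereferencing).
 * With 'B' (0x42) filler, an overrun of 4 bytes past `name` leaves `next`
 * holding 0x42424242, the value the debugger in the thread reports in ecx. */
struct record {
    char name[16];
    uint32_t next;          /* sits at offset 16 on common ABIs (alignment 4 divides 16) */
};

/* Vulnerable pattern: copies `len` bytes without comparing `len` against
 * sizeof(name), so anything beyond 16 bytes lands in `next`. The copy goes
 * through the struct's own storage so the model never writes out of bounds of
 * the object; a real strcpy/memcpy would keep going past the struct.
 * Returns the value of `next` afterwards. */
uint32_t unchecked_copy(struct record *r, const char *in, size_t len)
{
    unsigned char raw[sizeof *r];
    memset(raw, 0, sizeof raw);
    memcpy(raw, in, len > sizeof raw ? sizeof raw : len);   /* no name-size check */
    memcpy(r, raw, sizeof *r);
    return r->next;
}

/* Hardened form: reject input that does not fit (with its terminator) inside
 * `name`, leaving `next` untouched. Returns 0 on success, -1 on rejection. */
int checked_copy(struct record *r, const char *in, size_t len)
{
    if (len >= sizeof r->name)
        return -1;
    memcpy(r->name, in, len);
    r->name[len] = '\0';
    return 0;
}

int main(void)
{
    char junk[20];
    memset(junk, 'B', sizeof junk);          /* constructed filler, like "B"*20 */

    struct record r;
    memset(&r, 0, sizeof r);
    r.next = 0x1000;                         /* a sane value before the overrun */
    printf("unchecked: next = 0x%08x\n", unchecked_copy(&r, junk, sizeof junk));

    struct record s;
    memset(&s, 0, sizeof s);
    s.next = 0x1000;
    printf("checked: rc = %d, next still 0x%08x\n",
           checked_copy(&s, junk, sizeof junk), s.next);
    return 0;
}
```

If this were a real crash under the debugger, the faulting instruction would be the one that dereferences the register loaded from `next`; the fix is the length check at the copy site, not anything done to the register afterwards.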