ignatz
January 9th, 2002, 08:48
hi
I read a previous thread about Morpheus. I got a working dump using DeX, but that's not all I'm interested in.
First of all, I'd like to understand the anti-SICE tricks used by PeX better.
I figured out the int03-SEH trick (code02) as described by +Frog's Print & +Spath.
After this test there is at least one more, which I cannot elude.
It works similarly to the int03 SEH trick.
The difference is that the exception is generated by an invalid
mov al, [ebx]
The exception handler will return to ExitProcess ;(
If I bypass the faulty instruction I end up with a message box
+--[PeX ...]----------------------------------+
| unable to load library |
+----------------------------------------------+
(which seems fake to me),
and afterwards I'm pushed into ExitProcess again. *darn*
any help greatly appreciated
farewell
-Ignatz