Quote:
Originally Posted by haluznik
Hi,
Thank you for the answer. But I am testing exploiting vuln.c on WIN XP SP1.
There is no DEP, I think. SEH exploitation I will start studying after I
completely understand a simple buffer overflow in win32.
There is my problem:
- I run the exploit:
C:\>exploit
> test exploit for vuln
> Exploiting!
'Í↓Ҥôkť¤Ýs♫{ť7"Ĺ‼♣ť¤Âo"Ä{}̤¬Ä"Ác°y▲Xă˝ĎěHDŕNBÄjt ů' is not recognized as an internal or external command,
operable program or batch file.
C:\>
I don't understand why it writes this error.
Where is the bug in the exploit?
- Should the exploit string look like this?
[AAAAAAAAAAAAAAAAAAAA | EIP | SHELLCODE ]
Somebody wrote this to me:
[buffer - garbage data] - EIP (jmp esp) - [nopsled] - [shellcode]
- Which is correct?
Thank you very much for all the answers, they are precious information.
Have a nice day, haluZniq
There should be some nopsled bytes between your EIP and shellcode, because sometimes there is space between the EIP and ESP.
You must start testing again by overflowing your program again, and see in OllyDbg when the ESP gets overwritten by your user-supplied data.
Put the right amount of nopsled bytes behind your RET address, and after that, your shellcode.
This should work.
Grtz,
Yorgi