Hi I have a heap overflow problem, who can help me?
See the code below.

    a1 = malloc(32);
    a2 = malloc(32);
    memset(a2, 'A', 64);
    free(a2);

It can cause a heap overflow, but I can't use it to write 4 bytes to anywhere. Does anyone have a good way?
| ||||
Because that is a stack overflow, not a heap overflow.
| |||
| Quote:
The real program is like this:

    a = getprocessheap();
    a1 = heapalloc(a, ,XXX);
    a2 = heapalloc(a, ,36);
    readfile(pfile,a2,60,1,0);
    heapfree(a2);

Before readfile, the heap management & data is:

    0008D8F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    0008D900 00 00 00 00 00 00 00 00 AB AB AB AB AB AB AB AB
    0008D910 00 00 00 00 00 00 00 00 DD 02 06 00 00 14 EE FE
    0008D920 78 01 07 00 78 01 07 00 EE FE EE FE EE FE EE FE
    ^-------last heap struct point

After readfile, the heap management & data is:

    0008D8F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
    0008D900 00 00 00 00 00 00 00 00 00 00 33 33 33 33 33 33
    0008D910 33 33 33 33 33 33 33 33 34 34 34 34 35 35 35 35
    0008D920 36 36 36 36 37 37 37 37 33 33 33 33 33 33 33 33

The heap management struct and two pointers are overflowed.
| ||||
Looks much like a heap overflow in this case, yes. You can usually then control a function looking like

    mov dword [ecx],eax
    mov dword [eax+4],ecx

which allows you to write 4 bytes everywhere.
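Added example, not part of the thread: a C model of the free-list unlink behind the two `mov` instructions in the post above, next to a hardened form that verifies both neighbours point back at the entry before writing. The struct and function names are assumptions made for illustration, and the overflow is simulated by assigning the links directly.

```c
#include <stddef.h>
#include <stdio.h>
/* Links at the start of a free heap block (model; names are assumptions). */
struct links { struct links *flink, *blink; };

/* Unchecked unlink: the post's two stores, assuming eax = flink and
   ecx = blink; on 32-bit, blink sits at offset 4. */
static void unlink_unchecked(struct links *e) {
    struct links *f = e->flink, *b = e->blink;
    b->flink = f;               /* mov dword [ecx],eax   */
    f->blink = b;               /* mov dword [eax+4],ecx */
}

/* Hardened unlink: write only if both neighbours point back at e; -1 if not. */
static int unlink_checked(struct links *e) {
    struct links *f = e->flink, *b = e->blink;
    if (f->blink != e || b->flink != e) return -1;
    b->flink = f;
    f->blink = b;
    return 0;
}

/* Builds head <-> a <-> b, simulates an overflow that replaces b's links,
   unlinks b, and returns 1 if memory outside the list was written. */
int stray_write_after_unlink(int use_check) {
    struct links head, a, b;
    struct links out1 = {NULL, NULL}, out2 = {NULL, NULL};
    head.flink = &a;  a.flink = &b;  b.flink = &head;
    head.blink = &b;  b.blink = &a;  a.blink = &head;
    b.flink = &out1;            /* constructed stand-ins for overflowed links */
    b.blink = &out2;
    if (use_check)
        (void)unlink_checked(&b);   /* refuses: out1/out2 do not point at b */
    else
        unlink_unchecked(&b);
    return out1.blink != NULL || out2.flink != NULL;
}

/* An intact entry must still unlink normally under the check. */
int intact_unlink_ok(void) {
    struct links head, a;
    head.flink = head.blink = &a;
    a.flink = a.blink = &head;
    return unlink_checked(&a) == 0 && head.flink == &head && head.blink == &head;
}

int main(void) {
    printf("unchecked=%d checked=%d intact_ok=%d\n", stray_write_after_unlink(0),
           stray_write_after_unlink(1), intact_unlink_ok());
    return 0;
}
```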
| |||
| Quote:
|
| ||||
If it's winhlp related, you can forget.
| |||
| Quote:
But why did you say "if it's winhlp related, you can forget"? I know winhlp vulnerability is released. You mean no one can develop an exploit?
| ||||
Nah, I just mean many bugs have already been found in it, so that's not that hot. If yours is usable remotely anyway, try contacting zerodayinitiative.com; they pay a high price, and you are welcome to put me as the referrer if it's the first time you are selling to them :> Good luck with it.
| |||
| Quote:
But it seems very hard to exploit.