
Re: Windows Heap Overflow



hi,

@runix: the w00w00 heap tut will not help him.
first the windows heap structure is different from the linux or bsd heaps.
and second the w00w00 heap tut is about bss heap stuff, not malloc/free heap
exploitation.

one paper i know about windows heap exploits was presented by david
litchfield at blackhat windows 2004:

http://www.blackhat.com/presentations/win-usa-04/bh-win-04-litchfield/bh-win-04-litchfield.ppt

and the sample code:

http://www.blackhat.com/presentations/win-usa-04/bh-win-04-litchfield/bh-win-04-litchfield-code.rtf

another nice paper on how to exploit a windows rpc heap bug was written by
dave aitel.

http://www.immunitysec.com/papers/msrpcheap.pdf
http://www.immunitysec.com/papers/msrpcheap2.pdf


hope that helps.

cheers,
johnny cyberpunk / www.thc.org




----- Original Message ----- 
From: "runix" <runix@xxxxxxxxxxxxxx>
To: <vuln-dev@xxxxxxxxxxxxxxxxx>
Sent: Saturday, April 17, 2004 12:54 AM
Subject: Re: Windows Heap Overflow


> Not specifically windows, but you'll get what you need from this paper
> by w00w00:
> http://www.fallenroot.net/texts/bof/heaptut.txt
>
> On Fri, 2004-04-16 at 20:07, lavmarco@xxxxxxxxxxx wrote:
> > Hi all,
> >
> > Where can i gain complete information (papers, tutorial, etc..)
> > about heap overflow exploitation in windows environment?
> >
> > Is It similar to linux dmalloc chunk overflow?
> >
> > Thank you in advance.
> >
> >
> >
>