
RE: Exploiting in Unicode and XP SP2



> -----Original Message-----
> From: Ivan Stroks [mailto:ivanstroks@xxxxxxxxxxx] 
> Sent: Tuesday, June 06, 2006 10:30 PM
> To: vuln-dev@xxxxxxxxxxxxxxxxx
> Subject: Exploiting in Unicode and XP SP2
> 
> I am trying to exploit a stack buffer overflow in a
> Windows Application running in XP SP2.
[...]
>     . I have found an address with a call [ebp+30] in
> Unicode.nls. In Windows 2000, I can execute the
> instruction located in that memory space, whereas in
> XP, I cannot. Does XP prevent the execution of
> instructions if the memory hasn't Execute access?
> Because I can execute in W2K, but not in XP.

Yes, XPSP2 does (under the default software DEP settings). The protection is
not generic unless you're using hardware DEP, but the page status is checked
during exception handling, so it won't dispatch to an NX page.

ben
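To confirm what the OS has recorded for the page behind a given address (the protection that software DEP consults before it dispatches to a handler), here is an added example, not code from this thread: a small C program built around VirtualQuery. The decode helper is portable; the wrapper name address_is_executable is an assumption, and that part only builds on Windows.

```c
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#else
/* Stand-ins for the winnt.h constants so the decode helper also builds
 * on a non-Windows host; the values are the real ones from winnt.h. */
typedef unsigned long DWORD;
#define PAGE_NOACCESS          0x01
#define PAGE_EXECUTE           0x10
#define PAGE_EXECUTE_READ      0x20
#define PAGE_EXECUTE_READWRITE 0x40
#define PAGE_EXECUTE_WRITECOPY 0x80
#define PAGE_GUARD             0x100
#define MEM_COMMIT             0x1000
#endif

/* 1 if a page in this State/Protect may be executed, else 0. Pages that are
 * not committed, guard pages and no-access pages are never executable. */
int page_is_executable(DWORD state, DWORD protect)
{
    DWORD exec_bits = PAGE_EXECUTE | PAGE_EXECUTE_READ |
                      PAGE_EXECUTE_READWRITE | PAGE_EXECUTE_WRITECOPY;
    if (state != MEM_COMMIT)
        return 0;
    if (protect & (PAGE_GUARD | PAGE_NOACCESS))
        return 0;
    return (protect & exec_bits) != 0;
}

#ifdef _WIN32
/* Assumed wrapper name: query the region holding addr with VirtualQuery and
 * report its recorded protection. Returns -1 if the address is unmapped. */
int address_is_executable(const void *addr)
{
    MEMORY_BASIC_INFORMATION mbi; int exec;
    if (VirtualQuery(addr, &mbi, sizeof(mbi)) == 0)
        return -1;
    exec = page_is_executable(mbi.State, mbi.Protect);
    printf("%p: base=%p state=0x%lx protect=0x%lx -> %s\n", addr, mbi.BaseAddress,
           mbi.State, mbi.Protect, exec ? "executable" : "not executable");
    return exec;
}
int main(void)
{
    int local = 0;
    address_is_executable((const void *)&page_is_executable); /* code page */
    address_is_executable(&local);                            /* stack page */
    return 0;
}
#endif
```

A read-only data mapping such as a .nls file reports PAGE_READONLY (0x02) without any execute bit, which is the status the exception dispatcher rejects under software DEP.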