forza
Jan 30 2005, 03:46 PM
In October 2004 it was discovered by MaxPatrol team that it is possible to defeat Microsoft® Windows® XP SP2 Heap protection and Data Execution Prevention mechanism. As a result it is possible to implement:
- Arbitrary memory region write access (smaller or equal to 1016 bytes)
- Arbitrary code execution
- DEP bypass.
http://www.maxpatrol.com/ptmshorp.asp
Spiffypat
Jan 30 2005, 08:06 PM
Very interesting, anyone else check out the article?
Article can be found here. With the code at the end of the article (changed it around a little bit) I successfully exploited my friend's machine. Thanks for the info.
uzzi
Feb 1 2005, 03:01 AM
anyone compiled the source???? i need it pls for testing on some computers...
tnx
Trackmaster
Feb 1 2005, 03:57 AM
spiffypat would you care to elaborate with what u did to the code and how u exploited your friend's machine.
Help appreciated.
whi7er
Feb 2 2005, 02:47 PM
uzzi please don't ask for compile requests, I'm sure all you need to do is get LCC or DEV-C++ - or a combination of both and play with them a little bit. anyway, if this is true Windows 2003 Server family can also be exploited
jead99
Feb 2 2005, 05:21 PM
Indeed, Windows Server 2003 can be exploited; there are several papers on this.
Btw. here is a nice link on different "Exploit Mitigation Techniques":
http://laurens.netric.org/OpenBSD/papers/E...tionTechniques/
leviathan
Feb 6 2005, 12:29 PM
QUOTE(jead99 @ Feb 2 2005, 05:21 PM)
Btw. here is a nice link on different "Exploit Mitigation Techniques":
http://laurens.netric.org/OpenBSD/papers/E...tionTechniques/
Interesting pictures/powerpoint (I guess), though it looks a bit weird at the beginning, somehow has the flair of that "DNS for dummies"-thing in the Open Topic