Luigi Auriemma - aluigi.org (ARCHIVE-ONLY FORUM!)

[ 5 posts ]
senatorstrange2

Post subject: access violation Posted: 11 Sep 2008 14:43

Joined: 11 Sep 2008 14:15 Posts: 3

Hi Luigi, I have added your MSN contact.. :D I don't understand if it is always possible to write arbitrary code in a Win32 environment during an access violation. Are there exceptions? Let me know. Ciao
aluigi

Post subject: Re: access violation Posted: 11 Sep 2008 15:00

Joined: 13 Aug 2007 21:44 Posts: 4068 Location: http://aluigi.org

It all depends on the vulnerable code.
For example an access violation can be a NULL pointer, in which case you can't control the code flow (note that I consider only the classical "normal" software and not the programs in which scripts are involved, where there is more control over the exceptions, typically the ActiveX stupid things), or a "mov eax,[edx]" or "mov [edx],eax" where you have control of edx, or some other cases where you have no control at all.
In the case of the "mov eax,[edx]" example you can control the code flow (or you have a possibility to do it) if after that instruction eax is used for writing memory at arbitrary locations or is involved in a CALL (like call eax).
Instead, in the case of the "mov [edx],eax" example you can do something if you have control over both edx and eax.
Anyway, as already said at the beginning, everything depends on the code and on the luck in finding fixed or partially fixed memory addresses to use for jumping into the shellcode you provide in your input.
A suggestion when you test possible bugs with a debugger, which you probably already know: always check if there is a secondary exception (sometimes it can happen that the first one is senseless and the secondary one is the good one).
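The exploitability reasoning in the reply above (a NULL dereference versus a read or write through an input-controlled register, and what the loaded value feeds afterwards) is exactly what crash-triage tooling automates so that a vendor can decide which of hundreds of fuzzer crashes to fix first. The following Python is an added example, not code from this forum or from aluigi: it ranks constructed crash records by those rules. The `controlled` register set and the `next_use` field are assumptions standing in for the taint information a fuzzing harness or debugger script would supply; every address, register and sample value is made up.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

# Constructed crash record, loosely modelled on what a debugger shows at an
# access violation. Which registers are "controlled" is assumed to come from
# the fuzzing harness or a taint-tracking script; it is not derived here.
@dataclass
class CrashRecord:
    name: str                        # label for the sample
    fault_addr: int                  # address the faulting instruction touched
    instruction: str                 # disassembly of the faulting instruction
    controlled: Set[str] = field(default_factory=set)
    next_use: Optional[str] = None   # first later instruction consuming the loaded value

# Faulting addresses below the first 64 KiB are treated as NULL-plus-offset:
# the pointer was NULL and the offset is a struct field, nothing input can steer.
NULL_PAGE_LIMIT = 0x10000

READ_RE = re.compile(r"^mov\s+(\w+),\s*\[(\w+)\]$")   # mov reg,[reg]
WRITE_RE = re.compile(r"^mov\s+\[(\w+)\],\s*(\w+)$")  # mov [reg],reg

SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


def classify(rec: CrashRecord) -> Tuple[str, str]:
    """Return (severity, reason) for one crash record."""
    if rec.fault_addr < NULL_PAGE_LIMIT:
        return "low", "NULL pointer dereference: no control of the code flow"

    m = WRITE_RE.match(rec.instruction)
    if m:
        dst, src = m.groups()
        if dst in rec.controlled and src in rec.controlled:
            return "high", f"write-what-where: address {dst} and value {src} both controlled"
        if dst in rec.controlled:
            return "medium", f"write to controlled address {dst} with uncontrolled value {src}"
        return "low", "write with no controlled operand"

    m = READ_RE.match(rec.instruction)
    if m:
        dst, src = m.groups()
        if src not in rec.controlled:
            return "low", f"read through uncontrolled pointer {src}"
        use = (rec.next_use or "").strip()
        if re.match(rf"^(call|jmp)\s+{dst}$", use):
            return "high", f"controlled read into {dst} reaches an indirect branch ({use})"
        if re.match(rf"^mov\s+\[{dst}\]", use):
            return "high", f"controlled read into {dst} is then used as a write address"
        return "medium", f"controlled read through {src}; depends on later use of {dst}"

    return "low", "unrecognised faulting instruction; triage by hand"


def triage(records: List[CrashRecord]) -> List[Tuple[str, str, str]]:
    """Rank records most worrying first; returns (name, severity, reason) rows."""
    rows = [(r.name, *classify(r)) for r in records]
    return sorted(rows, key=lambda row: SEVERITY_ORDER[row[1]])


# Constructed samples (every address, instruction and register set is made up).
SAMPLES = [
    CrashRecord("null-deref", 0x00000004, "mov eax,[ecx]"),
    CrashRecord("read-to-call", 0x41414141, "mov eax,[edx]", {"edx"}, "call eax"),
    CrashRecord("write-what-where", 0x41414141, "mov [edx],eax", {"edx", "eax"}),
    CrashRecord("write-fixed-value", 0x41414141, "mov [edx],eax", {"edx"}),
    CrashRecord("read-unknown-use", 0x41414141, "mov eax,[edx]", {"edx"}, "add eax,4"),
    CrashRecord("uncontrolled-read", 0x7FFD0010, "mov eax,[esi]", set(), "call eax"),
]

if __name__ == "__main__":
    for name, sev, why in triage(SAMPLES):
        print(f"{sev:6}  {name:18}  {why}")
```

The last sample is the instructive one: a `call eax` right after the fault looks alarming, but with no controlled register feeding it the heuristic correctly leaves it at low, which is the same point the reply makes about cases where you have no control at all. Real triage also records whether the crash was a first-chance exception followed by a second, more meaningful one, as the reply's closing hint suggests.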
senatorstrange2

Post subject: Re: access violation Posted: 11 Sep 2008 15:23

Joined: 11 Sep 2008 14:15 Posts: 3

Thanks a lot.. see you on MSN :D
senatorstrange2

Post subject: Re: access violation Posted: 12 Sep 2008 09:30

Joined: 11 Sep 2008 14:15 Posts: 3

Can I ask you another thing? :D Is it mandatory to contact the vendor, or can I publish the bug without problems? Could there be legal problems? I never understood this thing.... Ciao
aluigi

Post subject: Re: access violation Posted: 12 Sep 2008 12:03

Joined: 13 Aug 2007 21:44 Posts: 4068 Location: http://aluigi.org

There is no legal problem; if the vendor is a moron he will blame you in any case (watch me and the idiots at Gamespy).
It's only up to you to decide whether to contact the vendor and release the bug, or to contact him and wait for a patch (depending on the vendor this means days, weeks or months), or to release the information about the bug without contacting him.
Big vendors are already prepared for bugs disclosed without having been contacted and have no problems with them; I have even been thanked by Trend Micro and some other known vendors for my past bugs released with my new policy (vendor not contacted). The reason is simple: when you find and release information about a bug you are already doing a big positive work for them, and for free too 8-)
Then contacting the vendor is usually a big waste of time. I have done it for years (unfortunately I trusted in the fable of the so-called "responsible disclosure"... all bullshit, there is nothing responsible in waiting months for a bug you find for passion and for free) and finally I have learnt that this is all wrong, except in the case of open source software, where in my opinion it is good to contact them, moreover because usually the bugs are fixed in a very short time and are kept logged in the cvs/svn... and you are always credited 8-)