Differences

This shows you the differences between two versions of the page.

--- exploiting:windows:start [2019/05/02 11:19] – created ebaer
+++ exploiting:windows:start [2019/05/07 15:42] (current) – ebaer
@@ Line 4: / Line 4: @@
-<code>
+<code bash>
 Program Files (x86)\Common Files\microsoft shared\VC>regsvr32 msdia90.dll
 \Windbg86>symchk /r c:\windows\system32\ntdll.dll /s SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
 </code>
-<code>
+<code bash>
 .load pykd.pyd
 !py mona modules
+!py mona config -set workingfoler c:\_c\mona
+!py mona.py find -s '\xff\xe4' -m
+# ffe4 -> jmp esp
+mona.py stackpivot -distance 2221,2800
+# 0x0044adec : {pivot 2260 / 0x8d4} :  # MOV DWORD PTR FS:[0],ECX # ADD ESP,8D4 # RETN    ** [DevManBE.exe] **   |  startnull {PAGE_EXECUTE_READ}
 </code>
+==== !Exploitable ====
+[[https://archive.codeplex.com/?p=msecdbg]]
+[[https://blog.didierstevens.com/2018/07/17/exploitable-crash-analyzer-statically-linked-crt/]]