Posts

Showing posts with the label WinDBG

Windows Exploit Development : Exploiting Structured Exception Handling and ROP Chaining

Image
Hi folks this post is a continuation of a series I'm doing covering the fundamentals of windows exploit development. In this post I'm going to inch a little closer to arbitrary code execution by showing you how to chain ROP gadgets and one or two stack pivoting tricks.

So here's how this post is going to go:
We we're gonna look at how Structured Exception handling worksWe're gonna break it and show how it breaksThen we're going to make it execute whatever code we wantFigure out how to fix our stack pointerChain some ROP gadgets What you needWindows Virtual Machine Debugger Tools for windowsEasy MPEG to DVD Burner (copy available on exploit-db)ImmunityDBG(optional) python script memcoder.py https://gist.github.com/k3170makan/7f55d25869f3f812f8c3706089c0a74c Reverse Engineering Structured Exception Handling
Structured Exception handling is a mechanism offered to functions in that allow them to customize their responses to hardware and software exceptions. Hardwar…

Windows Exploit Development (primer) : Debugging Threads and Analyzing Memory

Image
Hi folks I thought its about time to start blogging about the little experience I have in low level exploitation and analysis - so here goes. To start off on your windows exploitation journey you need to be able to get to grips with a tool and some tricks to get you look at your target the right way. In this post I cover somethings that may help a ton! 
Debugging ThreadsTo get started you are probably going to need a couple things sorted out first, namely a simple windows VM setup with debug tools (tons of tutorials out there on the internet) and a target to exploit: A Windows VM (Microsoft made them free which is awesome!)Windows Debug ToolsYou should grab a copy of  Easy MPEG to DVD Burner on exploit db.
Before we can start crashing programs and controlling EIPs we need to make sure we have the right view of the target we are exploiting. Windows debugger is actually pretty useful in this regard so open it up, open the target program and attach the debugger to it like so:




Once you've…