Re: SEH and overwrite EIP

From: opexoc@gmail.com
To: vuln-dev@securityfocus.com
Cc:
Subject: Re: SEH and overwrite EIP
Date:


maybe I have formulated badly this question. I mean that if we can overwrite return address of the function properly ( without access violation ) then we can overwrite SEH properly ( without access violation ) and if we can overwrite SEH properly then we can overwrite return address properly. So it seems ( for me ) that SEH overwrite is equivalent to  return address overwrite. Since return address is more simple to handle, so there is no need to play with SEH. So why hackers play with it? ( I talk there only about defualt SEH, which is encountered during access violation - i.e http://www.milw0rm.com/exploits/4651 ) Maybe I miss something very important there.

best,

opexoc 





Copyright © 1995-2020 LinuxRocket.net. All rights reserved.