$ uname -a
CYGWIN_NT-5.1 changeme 1.7.7(0.230/5/3) 2010-08-31 09:58 i686 Cygwin
$ ./vul
function 2 address = 0x4011a0
Address c = 0x22ccd1 and value = 1d
Segmentation fault (core dumped)
$ cat vul.exe.stackdump
Exception: STATUS_ACCESS_VIOLATION at eip=0022CCF3
eax=7E410000 ebx=7C801D7B ecx=7C801BFA edx=00240608 esi=00000000 edi=0022CE64
ebp=42424242 esp=0022CD20 program=C:\exploit\vul\vul.exe, pid 924, thread main
cs=001B ds=0023 es=0023 fs=003B gs=0000 ss=0023
Stack trace:
Frame Function Args
3 [main] vul 924 exception::handle: Error while dumping state (probably corrupted stack)
Is the Data Execution Prevention (DEP) on Windows XP Pro SP3 preventing the payload from executing after the EIP has been overwritten with the address of function2()'s "c" array in the Cygwin environment?
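An added triage helper (not code from the thread) that parses the Cygwin .stackdump register lines shown above and flags the two signs of a smashed frame: EIP landing inside the stack region near ESP, and EBP overwritten with a repeated fill byte (here 0x42424242, "BBBB"). The embedded dump is copied from the post, while the 0x10000 proximity window is an assumed heuristic; an access violation at a stack address is consistent with execution being stopped on a non-executable stack, but this check alone cannot confirm that DEP is the cause.

```python
import re

# Sample input: the register lines of the stackdump quoted in the post above
# (values taken from the page; raw string so the Windows path keeps its backslashes).
STACKDUMP = r"""Exception: STATUS_ACCESS_VIOLATION at eip=0022CCF3
eax=7E410000 ebx=7C801D7B ecx=7C801BFA edx=00240608 esi=00000000 edi=0022CE64
ebp=42424242 esp=0022CD20 program=C:\exploit\vul\vul.exe, pid 924, thread main
cs=001B ds=0023 es=0023 fs=003B gs=0000 ss=0023
Stack trace:
Frame Function Args
"""

# Matches the 32-bit general-purpose registers Cygwin prints as name=XXXXXXXX.
REG_RE = re.compile(r'\b(eip|eax|ebx|ecx|edx|esi|edi|ebp|esp)=([0-9A-Fa-f]{8})')


def parse_stackdump(text):
    """Return (exception_name, {register: int}) from a Cygwin .stackdump."""
    m = re.search(r'Exception:\s+(\S+)', text)
    exception = m.group(1) if m else None
    regs = {name: int(value, 16) for name, value in REG_RE.findall(text)}
    return exception, regs


def is_fill_pattern(value):
    """True when all four bytes of a 32-bit value are identical, e.g. 0x42424242 ('BBBB')."""
    return len(set(value.to_bytes(4, 'little'))) == 1


def triage(text, stack_window=0x10000):
    """Heuristic crash classification; stack_window is an assumed distance from ESP."""
    exception, regs = parse_stackdump(text)
    eip, esp, ebp = regs.get('eip'), regs.get('esp'), regs.get('ebp')
    findings = {'exception': exception}
    # EIP within a small distance of ESP means the CPU tried to fetch code from the stack.
    findings['eip_on_stack'] = (eip is not None and esp is not None
                                and abs(eip - esp) < stack_window)
    # A saved frame pointer made of one repeated byte is the classic overflow fill marker.
    findings['ebp_is_fill'] = ebp is not None and is_fill_pattern(ebp)
    # Both together strongly suggest a stack buffer overflow reached the saved EBP/EIP.
    findings['likely_stack_overflow'] = findings['eip_on_stack'] and findings['ebp_is_fill']
    return findings


if __name__ == '__main__':
    for key, val in triage(STACKDUMP).items():
        print(f'{key}: {val}')
```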
There are many variables at play here which could have affected one lab test over another. I would suggest you write exactly what your lab environment was and we can then help troubleshoot it somewhat better.
The program was developed and tested in a virtual machine environment (VMware x86 -> 32 bits) with Cygwin v1.7.7 under Windows XP Pro SP3. By the way, AVG (anti-virus) is installed.