=======================================================

Friday, October 12, 2012

POP POP RETN

Why POP POP RETN used on SEH exploitation?

Because POP POP RETN is a sequence of instructions needed in order to create SEH (Structured Exception Handler) exploits. 

In the process command of POP POP RETN :
Each time a POP command running 1 time, ESP is moved towards higher addresses by one position (1 position = 4 bytes for a 32-bit architecture). Each time a RET occurs, the contents of the address ESP points at are put in EIP and executed.

So, we need to escape from SEHandler with POP POP RETN.
1. POP (first) ==> Pointer next SEH record
2. POP ( second ) ==> Pointer to Exception Handler
3. RETN ==> contents of the address ESP points at are put in EIP and executed.

Time

No comments:

Post a Comment

Subscribe to: Post Comments (Atom) 

==========================================================================
==========================================================================
                                                                
IIIIIIIIII   SSSSSSSSSSSSSSS  222222222222222           CCCCCCCCCCCCC
I::::::::I SS:::::::::::::::S2:::::::::::::::22      CCC::::::::::::C
I::::::::IS:::::SSSSSS::::::S2::::::222222:::::2   CC:::::::::::::::C
II::::::IIS:::::S     SSSSSSS2222222     2:::::2  C:::::CCCCCCCC::::C
  I::::I  S:::::S                        2:::::2 C:::::C       CCCCCC
  I::::I  S:::::S                        2:::::2C:::::C              
  I::::I   S::::SSSS                  2222::::2 C:::::C              
  I::::I    SS::::::SSSSS        22222::::::22  C:::::C              
  I::::I      SSS::::::::SS    22::::::::222    C:::::C              
  I::::I         SSSSSS::::S  2:::::22222       C:::::C              
  I::::I              S:::::S2:::::2            C:::::C              
  I::::I              S:::::S2:::::2             C:::::C       CCCCCC
II::::::IISSSSSSS     S:::::S2:::::2       222222 C:::::CCCCCCCC::::C
I::::::::IS::::::SSSSSS:::::S2::::::2222222:::::2  CC:::::::::::::::C
I::::::::IS:::::::::::::::SS 2::::::::::::::::::2    CCC::::::::::::C
IIIIIIIIII SSSSSSSSSSSSSSS   22222222222222222222       CCCCCCCCCCCCC
                                                                   
==========================================================================
==========================================================================

My Classmate

Show All 

==========================================================================
        (        )      )          (    (           (     
  *   ) )\ )  ( /(   ( /(   (      )\ ) )\ )        )\ )  
` )  /((()/(  )\())  )\())  )\    (()/((()/(   (   (()/(  
 ( )(_))/(_))((_)\  ((_)\((((_)(   /(_))/(_))  )\   /(_)) 
(_(_())(_)) __ ((_)  _((_))\ _ )\ (_)) (_))_  ((_) (_))   
|_   _|| _ \\ \ / / | || |(_)_\(_)| _ \ |   \ | __|| _ \  
  | |  |   / \ V /  | __ | / _ \  |   / | |) || _| |   /  
  |_|  |_|_\  |_|   |_||_|/_/ \_\ |_|_\ |___/ |___||_|_\  
                                                         
==========================================================================