[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] 2 nice pop/pop/ret :)

To: "Full-Disclosure" <Full-Disclosure@xxxxxxxxxxxxxxxxx>, <framework@xxxxxxxxxxxxxx>
Subject: [Full-disclosure] 2 nice pop/pop/ret :)
From: "class 101" <class101@xxxxxxxxxxxxx>
Date: Wed, 9 Mar 2005 09:53:56 +0100

Here is the result of comparing some huge list of pop/pop/ret of XP SP1,
SP1a, SP2 ENGLISH

I got 2 universal offsets accross those 3 Os

SP2 ENGLISH

0x71ABE325 pop esi - pop - retbis
0x77E7F69E pop ebx - pop - retbis

SP1a ENGLISH

0x71ABE325 pop edi - pop - retbis
0x77E7F69E pop ebx - pop - retbis

SP1 ENGLISH

0x71ABE325 pop edi - pop - retbis
0x77E7F69E pop ebx - pop - retbis


enjoy :)


-------------------------------------------------------------
class101
Jr. Researcher
Hat-Squad.com
-------------------------------------------------------------

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://www.secunia.com/

Prev by Date: Re: [Full-disclosure] Administrivia: A new home for FD
Next by Date: [Full-disclosure] 2 nice pop/pop/ret :) (update)
Previous by thread: [Full-disclosure] linux break in challenge
Next by thread: [Full-disclosure] 2 nice pop/pop/ret :) (update)
Index(es):
- Date
- Thread