[Full-disclosure] 2 nice pop/pop/ret :) (update)
- To: "Full-Disclosure" <Full-Disclosure@xxxxxxxxxxxxxxxxx>, <framework@xxxxxxxxxxxxxx>
- Subject: [Full-disclosure] 2 nice pop/pop/ret :) (update)
- From: "class 101" <class101@xxxxxxxxxxxxx>
- Date: Wed, 9 Mar 2005 10:01:57 +0100
Here is the result of comparing some huge list of pop/pop/ret of XP SP1,
SP1a, SP2 ENGLISH.
I got 2 universal offsets across those 3 OSes:
SP2 ENGLISH
0x71ABE325 pop esi - pop - retbis - WS2_32.DLL
0x77E7F69E pop ebx - pop - retbis - RPCRT4.DLL
SP1a ENGLISH
0x71ABE325 pop edi - pop - retbis - WS2_32.DLL
0x77E7F69E pop ebx - pop - retbis - KERNEL32.DLL
SP1 ENGLISH
0x71ABE325 pop edi - pop - retbis - WS2_32.DLL
0x77E7F69E pop ebx - pop - retbis - KERNEL32.DLL
enjoy :)
-------------------------------------------------------------
class101
Jr. Researcher
Hat-Squad.com
-------------------------------------------------------------