[Full-disclosure] What is the crap before SEH?

[Tauqeer Ahmad <ahmadtauqeer@xxxxxxxxx>]

Hello list,
   
  while disecting the Bluecoat winproxy long header vulnerability and the HD 
Moor exploit for that, i found in the stack dump a pointer just before SEH. 
this pointer is said to be the "the pointer ot next SEH structure". But when i 
change the single byte of that pointer the exploit didnt work, Although in my 
knowlege it should have worked since it's SEH which points to POP POP RET and 
the control transfers to our shellcode lying after SEH. I will appreciate a 
reply clearing the fact that where that pointer before SEH points to? is that 
pointer overwritten with the same address that was there before the overflow?
   
  It will sound navie for those who already know this concept yet i will 
appreciate a help from those guys by clearifying. I also know some guys will 
come up with the flame as its the Hacking culture to flame others who knows 
less then them. but i can remember the day when i used to wonder how they break 
into the system and i often got flamed for asking a question. yet i have come 
along this far by not heeding an ear to their flame and by keeping learning. so 
a flame will not work ofcourse :P
   
  Thanks in advance,
   
   
   
   

                
---------------------------------
New Yahoo! Messenger with Voice. Call regular phones from your PC and save big.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/