Easier way to write exploits using !pvefindaddr
September 23, 2011 in White Papers
This paper is intended to demonstrate the efficiency of !pvefindaddr. A lot of people complain about how many applications they must use when writing exploits, or about how time-consuming some tasks can be when they are not automated, for instance when testing multiple DLLs for SAFESEH or ASLR; that is where !pvefindaddr comes in.
What you will have done after following this tutorial:
- Determined the exact offset before EIP gets overwritten, and also a register that points to our buffer.
- Found our type of exploit, and some information on how to structure it.
- Found out which modules have SAFESEH, ASLR or get rebased.
- Found the instruction needed for avoiding these modules and the OS modules as well.
- Checked if the shellcode contains bad characters.
All of the above is done with just !pvefindaddr, which obviously saves a large amount of time.
View the PDF here: easierexploits