Windows XP SP1利用UEF机制进行堆溢出漏洞利用

文章预览

本文是对fuzzysecurity教程Heap Overflows For Humans 101学习过程的记录，希望这篇文章能给在学习堆溢出漏洞的读者有所帮助。 1 环境配置 ◆Windows XP SP1 ◆调试器 OllyDebugger，mona 插件 ◆Visual C++ 6.0 ◆Python 2.7.1 2 编译程序 #include #include int foo(char *buf); int main(int argc, char *argv[]) { HMODULE l; l = LoadLibrary("msvcrt.dll"); l = LoadLibrary("netapi32.dll"); printf("\n\nHeapoverflow program.\n"); if(argc != 2) return printf("ARGS!"); foo(argv[1]); return 0; } int foo(char *buf) { HLOCAL h1 = 0, h2 = 0; HANDLE hp; hp = HeapCreate(0,0x1000,0x10000); if(!hp) return printf("Failed to create heap.\n"); h1 = HeapAlloc(hp,HEAP_ZERO_MEMORY,260); printf("HEAP: %.8X %.8X\n",h1, ); strcpy((char*)h1,buf); h2 = HeapAlloc(hp,HEAP_ZERO_MEMORY,260); printf("hello"); return 0; } 编译成程序HeapOver.exe 3 定位溢 ………………………………