Suppressing Abnormal Application Termination

Previous page
Table of content
Next page

No matter how the shellcode has captured control, when it happens, it can register a custom handler of structured exceptions. This can be done as shown in Listing 5.7.

Listing 5.7: Registration of the custom handlers of structured exceptions
image from book 
 PUSH handler             ; Write the address of the custom structured exception handler. PUSH FS:[00000000h]      ; Write the address of the pointer  to the previous  SEH frame. MOV FS, [00000000h], ESP ; Register the new SEH frame.
image from book
 

Now, if the shellcode touches an invalid cell or makes some error of a similar type, the application being attacked won't be closed by the operating system. Control will be returned to the shellcode, informing it that it mustn't access that cell and has to immediately change tactics using other algorithms. The shellcode might cause multiple exceptions, and the main goal for the hacker consists of avoiding stack overflow. The maximum nesting depth is large but still limited.


Previous page
Table of content
Next page
Shellcoder's Programming Uncovered
Shellcoders Programming Uncovered (Uncovered series)
ISBN: 193176946X
EAN: 2147483647
Year: 2003
Pages: 164
Authors: Kris Kaspersky
BUY ON AMAZON
Agile Project Management: Creating Innovative Products (2nd Edition)
C++ How to Program (5th Edition)
Postfix: The Definitive Guide
Introduction to 80x86 Assembly Language and Computer Architecture
Special Edition Using Crystal Reports 10
GDI+ Programming with C#
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy