Washington University FTP daemon format string vulnerability, 62-67
Web server security, 509
Web sites
Alpha Architecture Handbook, 302
Cscope, 384-385
Ctags, 385
Cygwin, 124
Datarescue Interactive Disassembler Pro (IDA Pro), 452
gcc (GNU Compiler Collection), 334
gdb (GNU Debugger), 335
Holodeck, 367
IDA pro disassembler, 340
Microsoft Research Detours suite, 432
Microsoft Windows Hardware and Driver Central page, 454
NASM (Netwide Assembler), 335
NetCat, 338
OllyDbg, 335
sharefuzz, 364
Shellcoder's Handbook, 3
SoftICE, 336
Splint, 386
sysinternals, 339
Tru64 Unix Assembly Language Programmer's Guide, 302
WinDbg, 335
WebDAV vulnerability (Microsoft IIS), 470-472
wide characters (Unicode), 202-203
WideCharToMultiByte() function, 203
bugs, 118
system calls, 125
"Win32 Buffer Overflows: Location, Exploitation and Prevention" (paper), dark spyrit, Barnaby Jack, dspyrit@beavuh.org, 341
WinDbg debugger, 118, 335
.data section overflows, 188-190
dynamic heaps, 167
how it works, 168-172
LIST_ENTRY structures, 168-169
process heap, 167
requesting space, 168
heap overflows
calling Win32 API functions, 109
COM objects, 187-188
first vectored handler at 77FC3210, 175-178
logic program control data, 188
repairing the heap, 185-187
RtlEnterCriticalSection in the PEB, 172-174
Thread Environment Block (TEB), 184-185
Unhandled Exception Filter, 178-184
Holodeck fuzzer, 367
non-executable stack, 191
PEB overflows, 190
reverse shells, 337-338
stack overflows, 191-196
symbol packs, 108, 454
Thread Environment Block (TEB) overflows, 190
Windows 9X/ME, 120
Windows 2000
security holes, 120
SNMP DOS, 421-422
Windows 2003 Server
abusing frame-based exception handlers, 157-160
abusing frame-based exception handling, 155-156
security holes, 121
stack protection, 161-167
Windows debuggers
debug.exe, 337-338
OllyDbg, 335, 504
SoftICE, 335-336
Visual C++, 336
WinDbg, 335
Windows Hardware and Driver Central page (Microsoft Web site), 454
Windows inheritance, 147-148
Windows NT
AT service, 111-112
DCE-RPC, 112-114
DCOM, 110-112
DLLs (Dynamic Link Libraries), 107-109
exception handling, 116-117, 150
heap overflows, 109
PE-COFF (portable executable) files, 107-108
security holes, 120
SEH, 117
symbol packs, 108
32-bit Windows API, 106
threading, 109-110
tokens, 114116
Windows Performance Monitor, 423
Windows shellcode
encoder/decoder, 123-124
extendibility, 126
hardcoded addresses, 125
heapoverflow.c, 126-142
kernel32.dll, 125
popping, 147-148
Position Independent Code (PIC), 127
Process Environment Block (PEB), 134-135
reliability, 126
searching, 142-146
size considerations, 126
writing, 119
Windows tools
FileMon, 340
HandleEx, 340
IDA pro disassembler, 340
RegMon, 340
TCPView, 340
Windows XP
security holes, 120
Vectored Exception handling, 117
WinExec() function, 109
working environment
debug.exe debugger, 337-338
gcc (GNU Compiler Collection), 334
gdb (GNU Debugger), 335
generic fuzzers, 337
NetCat, 338
offset finder, 336-337
OllyDbg, 335
Python, 336
SoftICE, 335-336
Unix, 338-339
Visual C++, 336
VMWare, 504
WinDbg, 335
Windows, 339-340
Code Red, 362, 484
Slammer, 125, 423, 528
wprintf function format string bug, 58
write() system call, 107
write-to-anywhere-in-memory overflow primitives, 269
Writing [a] Linux Kernel Keylogger paper, rd, 343
writing fuzzers, 382
Writing ia32 Alphanumeric Shellcodes paper, rix, 342
writing shellcode
inline assembler, 344-345
Windows, 119
WSASocket() function (Windows), 120, 147
wscat() function, 203
wscpy() function, 203
ws2_32.dll, 129-131
wu-ftpd 2.6.0, 63-65
wuftpd2600.c exploit, 78
Wysopal, Chris, creator of NetCat, 338
w00w00 on Heap Overflows (article), Matt Conover, 341

The Shellcoder's Handbook. Discovering and Exploiting Security