exploit'


6


Windows 2000 NTDLL.DLL!RtlUnwind

"" , EBX SEH-. , handler' JMP EBX (FFh E3h) CALL EBX (FFh D3h), , (, "" , , ). , prev. -! prev, , JMP SHORT shell-code. , x86- , shell- .

Windows XP , ! - __except_handler3, RTL , . , .

 

; Excerpt of an IDA listing; it starts and ends mid-routine, so ebx is set up before the first line shown.
; The surrounding text names __except_handler3, so this is presumably that routine's scan over the
; frame's table of 12-byte entries (confirm against the full listing).
; NOTE(review): esi and edi are both loaded from memory at ebx, and the call target is then read from
; [edi+esi*12+4]. The only checks visible here are index != -1 and pointer != 0, so the indirect call
; is only as trustworthy as the frame at ebx. Later MSVC runtimes (_except_handler4) protect the
; scope-table pointer with the security cookie for this reason.
.text:004012D1 mov esi, [ebx+0Ch] ; esi = dword at [ebx+0Ch]; presumably the current try-level index kept in the SEH frame (confirm)

.text:004012D4 mov edi, [ebx+8] ; edi = dword at [ebx+8]; used below as the base of the entry table

.text:004012D7

.text:004012D7 unknwn_libname_2: ; CODE XREF: unknwn_libname_1+90vj

.text:004012D cmp esi, 0FFFFFFFFh ; index == -1? NOTE(review): the address column is truncated on this line; the label above and the next instruction suggest 004012D7

.text:004012DA jz short unknwn_libname_5 ; yes: leave this path (target is outside this excerpt)

.text:004012DC lea ecx, [esi+esi*2] ; ecx = esi*3; scaled by 4 below, so each entry is 12 bytes

.text:004012DF cmp dword ptr [edi+ecx*4+4], 0 ; is the pointer at offset 4 of entry esi null?

.text:004012E4 jz short unknwn_libname_3 ; Microsoft VisualC 2-7/net (IDA library signature); null pointer: skip the call

.text:004012E6 push esi ; save the index across the indirect call

.text:004012E7 push ebp ; save this routine's ebp

.text:004012E8 lea ebp, [ebx+10h] ; ebp = ebx+10h; presumably the frame pointer of the function that owns the SEH frame (confirm)

.text:004012EB call dword ptr [edi+ecx*4+4]; indirect call through the entry's pointer at offset 4

.text:004012EF pop ebp ; restore this routine's ebp

.text:004012F0 pop esi ; restore the index