Description:
Welcome to Part 7 of the Exploit Research Megaprimer.
Please begin this series by watching Part 1, if you have not already done so! This video builds on the SEH concepts discussed in the previous one. We will cover how the exception dispatcher works; KiUserExceptionDispatcher and other important OS code responsible for exception handling; __except_handler3(); exception registration records and their structure; the exception handler prototype; analysis of the thread stack and the exception dispatcher stack; how the Establisher Frame points to the Exception Registration Record; pointing the exception handler to a POP/POP/RET sequence and the implications of this for EIP; and how a buffer overflow can help an attacker overwrite the SEH records. This video is a must-watch before we actually take up exploiting an SEH vulnerability. As always, the theory is explained with the help of a practical example.
Hope you enjoy this video! Please do leave your comments behind.
Tags: basics
Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.
Comments:
hi Vivek
For me - your coverage of SEH basics details is perfect and the speed is also correct. Hope you can continue with many more such videos!
@nitinvk04 Thanks! Yes, for sure. I am just a bit caught up now with the new website work, so taking a bit of time. Stay Tuned!
Perfect combination of theory and practice
Thanks Jan! :) Hope my accent was not too much of a problem.
Once again Vivek you have outdone yourself. Great tempo and speed. I found my first SEH overflow in a program the other day. I have been working on an exploit for it for the last 2 days and I am pretty stuck. I decided I needed to have a deeper look into SEH! You are usually my first stop when I really need to dig into an advanced topic. I think I am going to get my answer why it's not working in the next video. Thinking SafeSEH?? Love your ExploitFU Man!!
cool
wow...getting harder. SEH theory is not easy for me.
journey is far away...Thank you for your video.
@Vivek, thank you for these nice teaching videos. I can't find the Easy Chat program at the google-searching machine. Could you please write the link for that program into the comment box, too? I have all these things understood. Thank you again and again.
@cb53 you can download Easy chat server 2.2 from here http://www.exploit-db.com/exploits/8142/