[28826] in bugtraq
Re: Preventing /*exploitation with*/ rebasing
daemon@ATHENA.MIT.EDU (Shaun Clowes)
Sat Feb 8 03:17:27 2003
Message-Id: <5.2.0.9.0.20030208131108.00ac58b0@mail.securereality.com.au>
Date: Sat, 08 Feb 2003 13:15:44 +1100
To: bugtraq@securityfocus.com
From: Shaun Clowes <shaun@securereality.com.au>
In-Reply-To: <13318289468.20030207205718@gmx.de>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Hey All,
At 08:57 PM 7/02/2003 +0100, dullien@gmx.de wrote:
>Concerning information on TIB and PEB: If you're too lazy to learn
>russian/polish, you might consider taking (a) the wine header files
>(which attempt to document parts of these structures) and (b) a
>debugger and go spelunking yourself.
>Oh, and MS does provide some limited information:
>http://msdn.microsoft.com/msdnmag/issues/02/08/EscapefromDLLHell/default.aspx
In case anyone is wondering about these Russian papers on the reverse-engineered
contents of the PEB and TIB, there have been a number of posts to the newsgroups
with the structures in question. You don't have to understand Russian, given
that the field names make most of them pretty obvious; check out:
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&q=_NT_TEB&btnG=Google+Search
Cheers,
Shaun