Sockets, Shellcode, Porting, and Coding: Reverse Engineering Exploits and Tool Coding for Security Professionals

by James C Foster
April 2005
Content level: Intermediate to advanced
700 pages
20h 39m
English
Syngress
Content preview from Sockets, Shellcode, Porting, and Coding: Reverse Engineering Exploits and Tool Coding for Security Professionals
NOTE
Many exploits favor the use of ntdll.dll and kernel32.dll as a trampoline for a number of reasons.

1. Since Windows NT 4, every process has been required to load ntdll.dll into its address space.
2. Kernel32.dll must be present in all Win32-based applications.
3. If ntdll.dll and kernel32.dll are not loaded to their preferred base address, then the system will throw a hard error.

By using these two libraries in our example, we significantly improve the chances that our return address corresponds to our desired opcodes.

Due to new features, security patches, and upgrades, a DLL may change with every patch, service pack, or version of Windows. In order ...

ISBN: 9781597490054