In vstudio command prompt:
mk.bat
next:
attach debugger to services.exe (2k) or the relevant svchost (xp/2k3/...)
net use \\IPADDRESS\IPC$ /user:user creds
die \\IPADDRESS \pipe\srvsvc
In some cases, /user:"" "", will suffice (i.e., anonymous connection)
You should get EIP -> 00 78 00 78, a stack overflow (like a guard page
violation), access violation, etc. However, in some cases, you will get
nothing.
This is because it depends on the state of the stack prior to the "overflow".
You need a slash on the stack prior to the input buffer.
So play around a bit, you'll get it working reliably...
ms08-067 C代码
5星 · 超过95%的资源 需积分: 10 82 浏览量
2008-10-27
13:09:16
上传
评论
收藏 6KB ZIP 举报 
ms08-067.zip (5个子文件) 
ms08-067 
srvsvc_killer.cpp 2KB
MY_HASH.TXT 127B mk.bat 72B srvsvc.idl 31KB README.TXT 638B资源评论
wj971hewei2013-09-02不错,谢谢,对我的学习很有帮助
shingob
- 粉丝: 0
- 资源: 1
