Hi,
I just got hung up on an unknown (at least for me) scenario while exploiting a kernel vulnerability in Windows.
The problem occurs when I try to fix the condition which causes a bug check. If I set EAX to zero and load ESP+X into EBP, the condition is fixed and no crash happens.
When I do this in the debugger (I modified the registers in the debugger and set the saved EIP to its original value), everything is fine and no crash happens at all.
But if I do this with assembly code (which is stored in user-land), I get an exception! Sample assembly code that I used:
Code:
xor eax, eax          ; clear EAX
mov ebp, esp          ; EBP = ESP
add ebp, XX           ; EBP = ESP + X (offset as described above)
jmp OriginalLocation  ; jump back to the original location
Anybody know what happens? (Maybe a little more reversing would show the problem, but I think a discussion around the problem would be very handy.)
Sorry for my horrible English.