[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: OllyDbg long process Module debug Vulnerability
From: ATmaCA ATmaCA <atmaca () atmacasoft ! com>
Date: 2005-03-19 6:11:51
Message-ID: 20050319061151.1451.qmail () www ! securityfocus ! com
[Download RAW message or body]
Vendor:
Oleh Yuschuk
Application:
OllyDbg
http://home.t-online.de/home/Ollydbg/
Introduction:
OllyDbg is a 32-bit assembler level analysing debugger for Microsoft® Windows®.
Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable.
Affected Versions:
1.10 (final version) and prior versions.
Overview:
In OllyDbg, if a target process loads modules that contains long name
(greater than around 200 bytes), OllyDbg will be crashed.
This hole can be used for an anti-debug method for OllyDbg.
Vendor Status:
No vendor response.
Discovery:
ATmaCA
atmaca@atmacasoft.com
www.atmacasoft.com
www.spyinstructors.com
Credit to Kozan
POC:
Debug this program with OllyDbg,
when the program runs, a folder that named "olly hole" will be
created on desktop and a long named dll will be created in
this folder. then it will load this and finally
olly debug will be crashed.
http://www.atmacasoft.com/exp/OllyHole.exe
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic