9 - Windows Heap Overflows using the Process Environment Block (PEB)
A paper on developing cross-platform Windows heap-overflow exploits, that is, exploits that are portable across Windows releases rather than tied to one service pack. Because the Process Environment Block (PEB) sits at a known, stable address, it gives the attacker a reliable pointer to overwrite, and with it execution of attacker-supplied code.
eZine lover (@eZine) · Published in open security · 23 Dec 2022
by c0ntex | c0ntexb[at]gmail.com
www.open-security.org

The PEB (Process Environment Block) is a per-process structure in userland memory that holds details about the running process. Because it lives inside the process's own address space, it can be read and modified by any code executing in that process, which is exactly what makes it a useful target for an overflow. Among other things the PEB records the image base address, heap information, the list of loaded modules and the process's environment variables. A quick look at the PEB of a vulnerable application under WinDbg shows this information:

    0:000> !peb
    PEB at 7ffdf000
        InheritedAddressSpace:    No
        ReadImageFileExecOptions: No
        BeingDebugged:            Yes
        ImageBaseAddress:         004000...

The "BeingDebugged: Yes" line simply reflects that the process is running under the debugger. Note that the fixed address 7ffdf000 is a property of 32-bit Windows 2000, XP and 2003: Vista and later randomise the PEB location, so the stability this technique relies on holds only on those older releases.
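The following is an added example, not code from c0ntex's paper: it decodes the PEB fields that !peb prints from a raw 32-bit PEB image, shows that the structure is plain writable user memory by flipping the BeingDebugged byte, maps an absolute address back to a PEB offset using the legacy 7ffdf000 base, and, when built on Windows, locates the live PEB through the TEB (fs:[0x30] on x86, gs:[0x60] on x64). The field offsets are the public x86 layout from winternl.h; the sample byte image is constructed to mirror the quoted output and is not a real memory capture, and the Ldr, ProcessParameters and ProcessHeap values in it are made up.

```c
/* Added example, not from c0ntex's paper: reading and modifying the
 * 32-bit PEB from user mode.  Offsets follow the public x86 layout in
 * winternl.h (Windows 2000 through 2003); the sample image is constructed. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#if defined(_WIN32) && defined(_MSC_VER)
#  include <intrin.h>
#endif

/* Field offsets in the x86 PEB. */
enum {
    PEB32_INHERITED_ADDRESS_SPACE      = 0x00, /* BOOLEAN */
    PEB32_READ_IMAGE_FILE_EXEC_OPTIONS = 0x01, /* BOOLEAN */
    PEB32_BEING_DEBUGGED               = 0x02, /* BOOLEAN */
    PEB32_IMAGE_BASE_ADDRESS           = 0x08, /* PVOID */
    PEB32_LDR                          = 0x0c, /* PPEB_LDR_DATA */
    PEB32_PROCESS_PARAMETERS           = 0x10, /* PRTL_USER_PROCESS_PARAMETERS */
    PEB32_PROCESS_HEAP                 = 0x18, /* PVOID, default process heap */
    PEB32_SIZE_DECODED                 = 0x1c
};

/* Fixed PEB address on 32-bit Windows 2000/XP/2003; Vista+ randomise it. */
#define PEB32_LEGACY_BASE 0x7ffdf000u

struct peb32_view {
    uint8_t  inherited_address_space;
    uint8_t  read_image_file_exec_options;
    uint8_t  being_debugged;
    uint32_t image_base_address;
    uint32_t ldr;
    uint32_t process_parameters;
    uint32_t process_heap;
};

/* Constructed sample image mirroring the quoted !peb output (not a dump):
 * BeingDebugged set, image base 0x00400000, made-up pointer values. */
static const uint8_t SAMPLE_PEB32[PEB32_SIZE_DECODED] = {
    0x00, 0x00, 0x01, 0x00, /* InheritedAddressSpace, ReadImageFileExecOptions, BeingDebugged, BitField */
    0x00, 0x00, 0x00, 0x00, /* Mutant (not decoded) */
    0x00, 0x00, 0x40, 0x00, /* ImageBaseAddress  = 0x00400000 */
    0xa0, 0x1e, 0x24, 0x00, /* Ldr               = 0x00241ea0 (constructed) */
    0x00, 0x00, 0x02, 0x00, /* ProcessParameters = 0x00020000 (constructed) */
    0x00, 0x00, 0x00, 0x00, /* SubSystemData */
    0x00, 0x00, 0x14, 0x00  /* ProcessHeap       = 0x00140000 (constructed) */
};

static uint32_t rd32(const uint8_t *p, size_t off)
{
    uint32_t v;
    memcpy(&v, p + off, sizeof v); /* assumes a little-endian host */
    return v;
}

/* Decode the leading PEB fields from a raw little-endian byte image. */
void peb32_decode(const uint8_t *peb, struct peb32_view *out)
{
    out->inherited_address_space      = peb[PEB32_INHERITED_ADDRESS_SPACE];
    out->read_image_file_exec_options = peb[PEB32_READ_IMAGE_FILE_EXEC_OPTIONS];
    out->being_debugged               = peb[PEB32_BEING_DEBUGGED];
    out->image_base_address           = rd32(peb, PEB32_IMAGE_BASE_ADDRESS);
    out->ldr                          = rd32(peb, PEB32_LDR);
    out->process_parameters           = rd32(peb, PEB32_PROCESS_PARAMETERS);
    out->process_heap                 = rd32(peb, PEB32_PROCESS_HEAP);
}

/* The PEB is ordinary writable user memory: a single byte store clears the
 * flag that !peb reports as "BeingDebugged: Yes".  Returns the old value. */
uint8_t peb32_clear_being_debugged(uint8_t *peb)
{
    uint8_t old = peb[PEB32_BEING_DEBUGGED];
    peb[PEB32_BEING_DEBUGGED] = 0;
    return old;
}

/* Map an absolute address to its offset inside the legacy PEB page, or -1
 * if it lies outside.  This is the arithmetic used when picking a PEB
 * field as the fixed overwrite target of a heap overflow. */
long peb32_offset_of(uint32_t addr)
{
    if (addr < PEB32_LEGACY_BASE || addr >= PEB32_LEGACY_BASE + 0x1000u)
        return -1;
    return (long)(addr - PEB32_LEGACY_BASE);
}

/* Live lookup of the current process's PEB via the TEB; NULL off Windows. */
void *peb_self(void)
{
#if defined(_WIN32) && defined(_MSC_VER)
#  if defined(_M_IX86)
    return (void *)(uintptr_t)__readfsdword(0x30);
#  else
    return (void *)(uintptr_t)__readgsqword(0x60);
#  endif
#elif defined(_WIN32) && defined(__GNUC__)
    void *peb;
#  if defined(__i386__)
    __asm__ volatile("movl %%fs:0x30, %0" : "=r"(peb));
#  else
    __asm__ volatile("movq %%gs:0x60, %0" : "=r"(peb));
#  endif
    return peb;
#else
    return NULL;
#endif
}

int main(void)
{
    uint8_t peb[PEB32_SIZE_DECODED];
    struct peb32_view v;

    memcpy(peb, SAMPLE_PEB32, sizeof peb);
    peb32_decode(peb, &v);
    printf("BeingDebugged:    %s\n", v.being_debugged ? "Yes" : "No");
    printf("ImageBaseAddress: %08x\n", v.image_base_address);
    printf("ProcessHeap:      %08x\n", v.process_heap);

    peb32_clear_being_debugged(peb);
    peb32_decode(peb, &v);
    printf("after write:      BeingDebugged %s\n", v.being_debugged ? "Yes" : "No");
    printf("7ffdf018 is PEB offset 0x%lx\n", peb32_offset_of(0x7ffdf018u));
    printf("live PEB (Windows only): %p\n", peb_self());
    return 0;
}
```

On a 32-bit Windows 2000/XP/2003 system the address returned by peb_self() is the same 7ffdf000 that WinDbg printed, which is the whole reason the PEB makes a dependable overwrite target there; on Vista and later the returned value changes from run to run.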