hello all …
While preparing myself for the OSCP, I started to write an SEH exploit for an FTP server, but ASLR is enabled on all the .dll libraries. Anyway, I found a tutorial on how to get around this NULL address, like this:
After some calculations I’ve come up with the following commands that are going to generate “003E3988” in EAX for us:
AND EAX,41414141 “ZERO OUT EAX”
AND EAX,3E3E3E3E “ZERO OUT EAX”
SUB EAX,4B4A687D
SUB EAX,6A3C0951
SUB EAX,4A3B5468 “=> EAX=003E3988”
Can you please explain to me how they did it? What is the calculation process?
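An added example (my own, not from the post or the tutorial it quotes) that runs the quoted sequence on a simulated 32-bit EAX: the two ANDs clear the register because 0x41 & 0x3E is 0 in every byte, and the three SUBs then compute 0 - (c1 + c2 + c3) mod 2^32, so the constants only need to sum to the two's-complement negation of the target while every byte of every constant stays non-zero. The starting value 0xDEADBEEF is just constructed garbage to show that the result does not depend on it.

```python
# Added example: simulate the quoted AND/SUB sequence on a 32-bit register.
MASK = 0xFFFFFFFF  # EAX is 32 bits wide; every result wraps modulo 2**32

# The instruction sequence exactly as quoted in the post.
SEQUENCE = [
    ("AND", 0x41414141),
    ("AND", 0x3E3E3E3E),
    ("SUB", 0x4B4A687D),
    ("SUB", 0x6A3C0951),
    ("SUB", 0x4A3B5468),
]


def has_null_byte(value: int) -> bool:
    """True if any of the four bytes of a 32-bit immediate is 0x00."""
    return any(((value >> shift) & 0xFF) == 0 for shift in (0, 8, 16, 24))


def run_sequence(eax: int, sequence=SEQUENCE):
    """Execute the sequence on a 32-bit EAX; return (final EAX, trace)."""
    trace = []
    for op, imm in sequence:
        if op == "AND":
            eax &= imm
        elif op == "SUB":
            eax = (eax - imm) & MASK  # two's-complement wrap-around
        else:
            raise ValueError(f"unsupported op {op}")
        trace.append((op, imm, eax))
    return eax, trace


def expected_from_sum(sequence=SEQUENCE) -> int:
    """Why it works: once EAX is zero, EAX = -(c1 + c2 + c3) mod 2**32."""
    total = sum(imm for op, imm in sequence if op == "SUB")
    return (-total) & MASK


if __name__ == "__main__":
    final, trace = run_sequence(0xDEADBEEF)  # constructed starting garbage
    for op, imm, eax in trace:
        print(f"{op} EAX,{imm:08X} -> EAX={eax:08X}  "
              f"null-free operand: {not has_null_byte(imm)}")
    print(f"final EAX = {final:08X}, from sum formula = {expected_from_sum():08X}")
```

Running it shows the constants exactly as quoted sum to 0xFFC1C636, whose 32-bit negation is 0x003E39CA rather than the 0x003E3988 the tutorial states, so one of the three constants was probably mistyped when copied; the method is the same either way.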