Video
EXPLOIT RESEARCH MEGAPRIMER PART 7 OVERWRITE SEH
Description:
Welcome to Part 7 of the Exploit Research Megaprimer. Please begin this series by watching Part 1, if you have not already done so!This video will build on SEH concepts discussed in the previous one. We will understand how the exception dispatcher works, KiUserExceptionDispatcher and other important code in the OS responsible for exception handling, __except_handler3(), exception registration records and their structure, exception handler prototype, analysis of the thread stack and the exception dispatcher stack, how the Establisher Frame points to the Exception Registration Record, pointing the exception handler to a POP/POP/RET sequence and the implications of the same for EIP and how a buffer overflow can help an attacker overwrite the SEH records. This video is a must watch before we actually take up exploiting a SEH vulnerability. As always, the theory is explained with the help of taking a practical example to understand all these concepts.