Presently reading and trying to follow http://grey-corner.blogspot.co.uk/2010/01/seh-stack-based-windows-buffer-overflow.html
Ingredients – in progress tbc
1oz of Windows PC
2 scoops of http://www.ollydbg.de/
1ml of OllySSEH plugin – http://www.openrce.org/downloads/details/244/OllySSEH
1. Download OllyDbg 1.10 from http://www.ollydbg.de/
2. Download the OllySSEH plugin (I found it does not work, so feel free to ignore this stage.)
3. Unrar OllyDbg and place it into a folder of your choice.
4. Create a new folder called Plugins inside the OllyDbg folder, then unrar OllySSEH (inside, go to Project / Release / OllySSEH.dll, then copy it and paste it into the Plugins folder).
5. Double click OLLYDBG.exe
6. Options / Directories / Plugin path: point to your new folder called Plugins.
7. File / Open / select your exe or .dll
8. Plugins / SafeSEH / Scan / SafeSEH Modules – and "OllyDbg, 32-bit analyzing debugger has stopped working."
9. Restart OLLYDBG.exe – forget SafeSEH and, in the words of grey-corner.blogspot.co.uk:
“As an alternate method to using OllySSEH, we can start by using the View->Executable Modules menu option to show the list of modules loaded with the application, and we can then analyse each individual file using msfpescan to determine whether we can use it to provide a usable SEH overwrite address.”
Out of interest, the msfpescan location in BackTrack 5r1:
root@bt:/pentest/exploits/framework2# msfpescan -i /root/DII/ws2_32.dll
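The per-module check in the quote above comes down to whether each module was built with SafeSEH. The same check lets you audit your own binaries for modules that still need rebuilding with /SAFESEH. The following is an added example, not code from this post or from the Grey Corner tutorial. It reads the PE32 header fields that decide SafeSEH status; `build_sample` and every value in it are constructed for the demo.

```python
import struct

NO_SEH = 0x0400         # IMAGE_DLLCHARACTERISTICS_NO_SEH
LOAD_CONFIG_DIR = 10    # IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG

def rva_to_offset(pe, sect_table, nsect, rva):
    """Map an RVA to a file offset using the section table."""
    for i in range(nsect):
        vsize, vaddr, rsize, rptr = struct.unpack_from("<4I", pe, sect_table + 40 * i + 8)
        if vaddr <= rva < vaddr + max(vsize, rsize):
            return rva - vaddr + rptr
    return None

def safeseh_status(pe):
    """Return 'no-seh', 'safeseh' or 'unprotected' for a PE32 image."""
    nt = struct.unpack_from("<I", pe, 0x3C)[0]               # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsect = struct.unpack_from("<H", pe, nt + 6)[0]
    opt_size = struct.unpack_from("<H", pe, nt + 20)[0]
    opt = nt + 24                                            # optional header start
    if struct.unpack_from("<H", pe, opt)[0] != 0x10B:
        raise ValueError("SafeSEH only applies to 32-bit (PE32) images")
    if struct.unpack_from("<H", pe, opt + 70)[0] & NO_SEH:
        return "no-seh"                                      # image declares no handlers
    if struct.unpack_from("<I", pe, opt + 92)[0] <= LOAD_CONFIG_DIR:
        return "unprotected"                                 # no load config directory slot
    rva = struct.unpack_from("<I", pe, opt + 96 + 8 * LOAD_CONFIG_DIR)[0]
    off = rva_to_offset(pe, opt + opt_size, nsect, rva) if rva else None
    if off is None or struct.unpack_from("<I", pe, off)[0] < 72:
        return "unprotected"                                 # load config absent or too short
    table, count = struct.unpack_from("<2I", pe, off + 64)   # SEHandlerTable, SEHandlerCount
    return "safeseh" if table and count else "unprotected"

def build_sample(dll_chars=0, handlers=0):
    """Constructed minimal PE32 (headers, one section, load config) for the demo."""
    img = bytearray(0x400)
    img[:2], img[0x80:0x84] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", img, 0x3C, 0x80)                  # e_lfanew
    struct.pack_into("<HH", img, 0x84, 0x14C, 1)             # i386, one section
    struct.pack_into("<H", img, 0x94, 0xE0)                  # SizeOfOptionalHeader
    struct.pack_into("<H", img, 0x98, 0x10B)                 # PE32 magic
    struct.pack_into("<H", img, 0x98 + 70, dll_chars)        # DllCharacteristics
    struct.pack_into("<I", img, 0x98 + 92, 16)               # NumberOfRvaAndSizes
    struct.pack_into("<2I", img, 0x98 + 176, 0x1000, 72)     # load config directory
    struct.pack_into("<4I", img, 0x178 + 8, 0x200, 0x1000, 0x200, 0x200)  # section header
    struct.pack_into("<I", img, 0x200, 72)                   # load config Size
    struct.pack_into("<2I", img, 0x240, 0x10001100 if handlers else 0, handlers)
    return bytes(img)
```

To check a real module, pass the file's bytes, e.g. `safeseh_status(open(path, "rb").read())`; anything reported as `unprotected` is a candidate for a rebuild with /SAFESEH.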