Writing a buffer overflow attack against a Windows program present
several challenges that make it a bit more difficult than writing
exploits on a Linux platform. In addition to not having popular tools
such as gdb (the GNU Debugger) an attacker is faced with a closed box.
Not only are most Windows applications closed source, but the operating
system itself doesn't provide much transparency. When taken together
this makes an attackers job fairly daunting.
Windows buffer overflow attacks are quite possible, however,
and I'm writing this tutorial to walk you through developing one such
attack. This article assumes some prior knowledge of assembly, x86
architecture, C and Perl programming. I hate to raise the bar like
that, but if you're not familiar with these concepts then writing
buffer overflows will be next to impossible as their inner workings
hinge on all of these topics. While there are many tools you can use to
assist in the process of finding and exploiting buffer overflow
vulnerabilities, without a thorough understanding of how they work
you're going to have a very hard time actually creating new exploits.