exploiting buffer overflow??
theeta
April 10th, 2002, 08:58 PM
Hi there.........i have found a buffer overflow situation in a Windows based mail daemon........and i want to exploit it to run arbitrary commands..........i have decided to test it on my local machine so as to execute notepad.exe ............now the problem being that i couldn't successfully code the exploit for this....:-(...........i was trying CreateProcessA to run notepad.exe............i examined this API and found that it pushes 10 parameters before going in for a call............i tried manually adding code in debugger, but the call CreateProcessA doesn't give any results........
so can anyone guide me about how to achieve this (about CreateProcess API).......or is there any other API/method by which i can achieve it????
Thnx in advance.
theeta.
theeta
April 11th, 2002, 10:47 PM
Okay ......lemme rephrase my question..........
How can i run a process on a system (WinExec?? ) .........
anyone???
theeta.
xmaddness
April 11th, 2002, 10:55 PM
i smell something funny....
/me howls
theeta
April 11th, 2002, 11:07 PM
hehe.........i meant how exactly to use WinExec API...........
it requires two parameters to be PUSHed........i tried it a lot but to no avail.....
so is there any "exploit coder" who can help me out of this???
theeta.
KorpDeath
April 11th, 2002, 11:09 PM
Probably not at a security site, but keep trying. You never know.
theeta
April 12th, 2002, 09:54 PM
hmmmmm.............antipoints for this thread???????
heh..........i don't give a damn.........
FYI i worked it out ( the WinExec thing. )...........actually the API is as follows......
UINT WinExec(
    LPCSTR lpCmdLine, // address of command line
    UINT uCmdShow     // window style for new application
);
......and the command line which i was passing wasn't null terminated...:-D.........that's why it wasn't running.......
thank u all for not being of much help.......which pushed me to figure it out myself ,, and yeah, i learnt a lot.....as far as -ive antipoints are concerned i think i have guessed who is it.. ( acid???)....
bye
theeta.
Maverick811
April 13th, 2002, 01:19 AM
<sarcasm> Wow, that's great - I'm so impressed. </sarcasm>