I'm using OllyDBG to debug a SEH overflow program on Windows XP SP3 (32-bit).
During tests I can overflow both nSEH and SE handler value, as shown in the figure above.
Now the problem is OllyDBG doesn't actually "capture" the exception, the program being debugged seems to quit immediately.
Then I changed the SE handler address to some fixed address in kernel, e.g. an address that does a pop pop ret instruction, and added a debug breakpoint on the first pop instruction, and OD doesn't stop there either.
I also tried to change the nSEH value to 0xFFFFFFFF; that doesn't help either.
Any ideas?