Since some people have been chomping at the bit for the next challenge, so here it is. The same rules apply as did last time. When we say no static stack return addresses, this also means of course that there's no need for NOP sleds, so I shouldn't see them in solutions. This time around you'll find a solution under Windows 2000 SP4, then you'll find a solution for Windows XPSP2. I've also included a windbg cheat sheet to save the poor soul who told us he had worked out a solution using only Dr. Watson...

"Please be advised that a noticeable taste of blood is not part of any test protocol"

awbo3.exe download and windbg cheatsheet