Bugtraq mailing list archives

Re: Can't Preventing exploitation with rebasing


From: <bugtraq () gaza halo nu>
Date: Wed, 5 Feb 2003 04:06:45 -0600 (CST)

All difficulties posed by such a "rebasing" technique can be conquered.
The only difficulty it presents is getting back to your shellcode.  This
can be overcome easily unless you're remapping kernel memory as well.
The kernel holds secrets to finding loadlibrary and getprocaddress, and a
jmp esp which is all you need to make your shellcode dance.

DIGRESSION:
        Dave Litchfield says you can call esp.  I don't know Dave's
        relationships with his registers but this doesn't work if I want
        to get my eip on top of my shellcode.  Always starts executing a
        memory address for me.  Maybe if I took esp out to dinner more
        often then I could call it instead of having to jump on top of it.
        Dave, any suggestions for the wine list?
END DIGRESSION.

There's no silver bullet for security.  Security is in a fluid state
always, and will always be so.

-Jove

Brian Hatch <bugtraq () ifokr org> wrote:
People keep saying "but it won't stop everything", and that's true.

This takes the security versus obscurity argument from the realm of
personal opinion to one of quantitative statements.  We should have a
similar goal for this discussion.
