Bugtraq mailing list archives
Re: Preventing exploitation with rebasing
From: Bugtraq User <bq () soft-analysts com>
Date: Wed, 5 Feb 2003 17:43:00 -0500 (EST)
> Going back to exe image files and rebasing. Surely they can be rebased even without a .reloc section? All I need to do is edit the image base in the PE header then parse the assembly looking for absolute addresses such as function addresses, static variables etc and modify these addresses, too.

I'm sorry but I don't think this is feasible in real life. In a test program it may seem possible, but try and apply it to a real PE executable that actually does something and you will see that it is not. To even begin to do what you suggest, you would need to:

1) Write a functional disassembler that understands instruction boundaries and knows which instructions reference absolute addresses (easy).

2) Understand parts of the code section that are not assembly instructions, such as JMP tables used by switch statements, and similar constructs (getting harder).

3) Understand and be able to predict unknown data types, or infer their data type by where they may or may not be referenced within code (quite difficult). How do you know if \x44\x42\x41\x00 within a .data section is an absolute address 0x414244 or if it is actually the string DBA\0?

For all that effort, you might as well develop a more worthwhile security measure.
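An added illustration of the ambiguity described above (example code written for this archive page, not from the poster): a naive "find every dword that looks like an in-image address" scan over a constructed .data blob flags the string DBA\0 as the pointer 0x414244, and rebasing on that guess corrupts the string, whereas the exact fixup offsets a .reloc section records need no guessing. The image base, image size and section contents are constructed for the demonstration.

```python
import struct

# Constructed: a typical Win32 default image base and a small image size,
# so the image occupies [0x400000, 0x420000).
IMAGE_BASE = 0x00400000
IMAGE_SIZE = 0x00020000

# Constructed .data contents: one genuine absolute pointer into .text,
# then the string "DBA\0" (bytes 44 42 41 00, i.e. 0x00414244 little-endian),
# then a plain integer 16 that happens to be outside the image range.
DATA_SECTION = (
    struct.pack("<I", 0x00401000)
    + b"DBA\x00"
    + struct.pack("<I", 16)
)

# Constructed: what a .reloc section would record for this blob, the single
# offset that really holds an absolute address.
RELOC_OFFSETS = [0]


def naive_pointer_scan(blob, base=IMAGE_BASE, size=IMAGE_SIZE):
    """Heuristic rebasing without .reloc: every aligned dword whose value falls
    inside the image is assumed to be an absolute address. Returns (offset, value)."""
    hits = []
    for off in range(0, len(blob) - 3, 4):
        val = struct.unpack_from("<I", blob, off)[0]
        if base <= val < base + size:
            hits.append((off, val))
    return hits


def rebase(blob, offsets, old_base, new_base):
    """Apply the loader's fixup (add new_base - old_base) at each given offset."""
    out = bytearray(blob)
    delta = (new_base - old_base) & 0xFFFFFFFF
    for off in offsets:
        val = struct.unpack_from("<I", out, off)[0]
        struct.pack_into("<I", out, off, (val + delta) & 0xFFFFFFFF)
    return bytes(out)


if __name__ == "__main__":
    print("heuristic hits:", [(o, hex(v)) for o, v in naive_pointer_scan(DATA_SECTION)])
    guessed = rebase(DATA_SECTION, [o for o, _ in naive_pointer_scan(DATA_SECTION)], IMAGE_BASE, 0x10000000)
    exact = rebase(DATA_SECTION, RELOC_OFFSETS, IMAGE_BASE, 0x10000000)
    print("string after guessed rebase:", guessed[4:8])  # corrupted
    print("string after .reloc rebase: ", exact[4:8])    # intact
```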