Vulnerability Development mailing list archives
Re: Getting passwords from the heap?
From: Jason Spence <thalakan () lightconsulting com>
Date: Wed, 27 Jun 2001 00:53:27 -0700
On Tue, Jun 26, 2001 at 10:10:56AM -0500, H D Moore developed a new theory of relativity and:
> I played with this a while back but couldn't find any other memory but my own. What OS/kernel? Theoretically the actual Pages should be zero'd out before another user can use them...
I've tried this on a Debian Linux box, and tried to make it work on cygwin (which I haven't gotten working yet). After some research, I found out that it's not malloc, it's auto variables in C:

==============================================================================
#include <stdio.h>
#include <stdlib.h>

int main(void)
{
    int i;
    char * buf;

    buf = malloc(2<<16);
    if(buf == NULL) {   /* malloc signals failure with NULL, not a negative value */
        perror("malloc");
        return 1;
    }
    for(i = 0; i < (2<<16); ++i) {
        printf("%x ", (unsigned char)buf[i]);   /* buffer is never written before being dumped */
    }
    return 0;
}
==============================================================================

That gives zeros. This, though...

==============================================================================
#include <stdio.h>

#define BUFSIZE (2<<16)

int main(void)
{
    int i;
    int len;
    char buf[BUFSIZE];   /* auto variable, deliberately left uninitialized */

    for(i = 0; i < BUFSIZE; ) {
        /* 78 bytes per row; i advances with every byte printed */
        for(len = 0; len < 78 && i < BUFSIZE; ++len, ++i) {
            printf("%2x ", (unsigned char)buf[i]);
        }
        printf("\n");
    }
    printf("\n");
    return 0;
}
==============================================================================

That gives me the weird memory. Had nothing to do with malloc at all.

I'd like some other people to try the above on different systems. I'm particularly interested in getting some hexdumps of the data found so I can feed it to a disassembler and figure out if text segments are getting allocated.

Also, what is the difference between malloc(3) and calloc(3)? calloc says it's supposed to clear the memory, but malloc(3) does that too...

--
 - Jason
HEAD CRASH!! FILES LOST!! Details at 11.
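An added example, not part of the original post or thread, on the malloc(3)/calloc(3) question above: within one process, malloc may hand back a freed chunk with its old contents, calloc always zeroes it, and scrubbing before free() removes the data at the source. The secret value, CHUNK size, offset and all function names are constructed for the illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define CHUNK 256
static const char SECRET[] = "constructed-sample-passphrase";  /* constructed value */

/* Call malloc through a volatile pointer so an optimizer cannot assume
 * the returned chunk's contents are unspecified and fold the search away. */
static void *(*volatile alloc_fn)(size_t) = malloc;

/* Zero through a volatile pointer: a plain memset() right before free()
 * is a dead store that the compiler may remove. */
static void scrub(void *p, size_t n)
{
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* Return 1 if SECRET occurs anywhere in buf[0..n), else 0. */
static int holds_secret(const unsigned char *buf, size_t n)
{
    size_t len = sizeof(SECRET) - 1;
    for (size_t i = 0; i + len <= n; ++i)
        if (memcmp(buf + i, SECRET, len) == 0) return 1;
    return 0;
}

/* Put SECRET in a chunk, free it (scrubbing first if do_scrub), request the
 * same size again and report whether the new chunk holds it (-1 on failure). */
int residue_after(int do_scrub, int use_calloc)
{
    unsigned char *a = alloc_fn(CHUNK);
    if (a == NULL) return -1;
    memcpy(a + 64, SECRET, sizeof(SECRET));  /* offset 64: clear of allocator bookkeeping */
    if (do_scrub) scrub(a, CHUNK);
    free(a);
    unsigned char *b = use_calloc ? calloc(1, CHUNK) : alloc_fn(CHUNK);
    if (b == NULL) return -1;
    int found = holds_secret(b, CHUNK);
    free(b);
    return found;
}

int main(void)
{
    int m = residue_after(0, 0), c = residue_after(0, 1), s = residue_after(1, 0);
    printf("malloc=%d calloc=%d malloc-after-scrub=%d\n", m, c, s);
    return 0;
}
```

The plain malloc result depends on the allocator's reuse policy; the calloc and scrubbed cases are clean regardless, which is why secrets should be zeroed before free() rather than relying on the next allocation.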