Vulnerability Development mailing list archives

Re: Getting passwords from the heap?


From: Jason Spence <thalakan () lightconsulting com>
Date: Wed, 27 Jun 2001 00:53:27 -0700

On Tue, Jun 26, 2001 at 10:10:56AM -0500, H D Moore developed
a new theory of relativity and: 

> I played with this a while back but couldn't find any other memory
> but my own.  What OS/kernel?  Theoretically the actual Pages should
> be zero'd out before another user can use them...

I've tried this on a Debian Linux box, and tried to make it work on
cygwin (which I haven't gotten working yet).

After some research, I found out that it's not malloc, it's auto
variables in C:

==============================================================================
#include <stdio.h>
#include <stdlib.h>

#define BUFSIZE (2<<16)

int main(void) {
  int i;
  char * buf;

  buf = malloc(BUFSIZE);
  if(buf == NULL) {              /* malloc(3) returns NULL on failure, never a negative pointer */
         perror("malloc");
         return 1;
  }
  for(i = 0; i < BUFSIZE; ++i) {
         printf("%02x ", (unsigned char)buf[i]);   /* cast stops a negative char printing as ffffffxx */
  }
  printf("\n");
  free(buf);
  return 0;
}

==============================================================================

That gives zeros.  This, though...

==============================================================================
#include <stdio.h>

#define BUFSIZE  (2<<16)
#define PER_LINE 26          /* 26 * "xx " = 78 columns */

int main(void) {
  int i;
  char buf[BUFSIZE];         /* auto variable: never initialized, contents indeterminate */

  /* print one byte per column; the original inner loop printed the same byte 78 times */
  for(i = 0; i < BUFSIZE; ++i) {
    printf("%02x ", (unsigned char)buf[i]);   /* cast stops a negative char printing as ffffffxx */
    if((i + 1) % PER_LINE == 0)
      printf("\n");
  }

  printf("\n");
  return 0;
}
==============================================================================

That gives me the weird memory.  Had nothing to do with malloc at
all.  I'd like some other people to try the above on different
systems.  I'm particularly interested in getting some hexdumps of the
data found so I can feed it to a disassembler and figure out if text
segments are getting allocated.

Also, what is the difference between malloc(3) and calloc(3)?  calloc
says it's supposed to clear the memory, but malloc(3) does that too...

-- 
 - Jason

HEAD CRASH!!  FILES LOST!!
Details at 11.
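Added example (not part of the original post or the thread) covering both the malloc(3)/calloc(3) question and the auto-variable finding above. calloc(3) guarantees zero-filled memory; malloc(3) guarantees nothing, and a large request such as 2<<16 bytes only comes back zeroed because glibc serves it with fresh pages from the kernel, which zero-fills every page it hands to a process. A small freed block is simply reused, with its old contents intact, and an auto buffer holds whatever earlier code in the same process left in that stack region. The secret string is a constructed sample, the 16-byte offset into the heap block and the expectation that a same-sized malloc() returns the chunk just freed are assumptions about glibc's allocator, and the stack probe depends on compiler frame layout (it uses the GCC/clang noinline attribute and volatile arrays to keep the accesses from being optimized away).

```c
/* Added example: heap and stack residue, and the calloc/malloc difference.
 * Build: cc -O1 -o residue residue.c   (gcc or clang; uses __attribute__) */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SECRET     "sample-passw0rd-NOT-REAL"   /* constructed, not a real credential */
#define SECRET_LEN (sizeof(SECRET) - 1)
#define CHUNK      64

/* Number of non-zero bytes in p[0..n). */
size_t count_nonzero(const unsigned char *p, size_t n) {
    size_t c = 0;
    for (size_t i = 0; i < n; i++)
        if (p[i] != 0) c++;
    return c;
}

/* 1 if needle occurs anywhere in hay[0..hn), else 0. */
int find_bytes(const unsigned char *hay, size_t hn, const char *needle, size_t nn) {
    for (size_t i = 0; i + nn <= hn; i++)
        if (memcmp(hay + i, needle, nn) == 0) return 1;
    return 0;
}

/* Zeroing the compiler cannot drop as a dead store.  A plain memset() right
 * before free() is routinely optimized away; explicit_bzero()/memset_s() are
 * the library answers, volatile stores are the portable stand-in. */
void secure_wipe(void *p, size_t n) {
    volatile unsigned char *v = p;
    while (n--) *v++ = 0;
}

/* calloc(3) guarantees zero-filled memory; malloc(3) guarantees nothing about
 * contents.  Returns 1 if all n bytes from calloc() are zero. */
int calloc_is_zeroed(size_t n) {
    unsigned char *p = calloc(1, n);
    if (p == NULL) return -1;
    int ok = (count_nonzero(p, n) == 0);
    free(p);
    return ok;
}

/* Store the secret in a heap block, free it, then allocate a block of the same
 * size and scan it.  With wipe != 0 the block is scrubbed before free().
 * Returns 1 if the secret is still readable, 0 if not.  The secret is placed
 * past the first 16 bytes because glibc's free() overwrites those with
 * free-list bookkeeping; that offset is an assumption about glibc, and whether
 * the second malloc() hands back the same chunk depends on the allocator. */
int secret_survives_free(int wipe) {
    unsigned char *a = malloc(CHUNK);
    if (a == NULL) return -1;
    memset(a, 0, CHUNK);
    memcpy(a + 16, SECRET, SECRET_LEN);
    if (wipe) secure_wipe(a, CHUNK);
    free(a);                              /* free() does not clear contents */

    unsigned char *b = malloc(CHUNK);     /* same size class as the freed chunk */
    if (b == NULL) return -1;
    int found = find_bytes(b, CHUNK, SECRET, SECRET_LEN);
    free(b);
    return found;
}

/* Write the secret into an auto (stack) buffer and return without clearing it. */
__attribute__((noinline)) void leave_secret_on_stack(void) {
    volatile unsigned char buf[CHUNK];
    for (size_t i = 0; i < CHUNK; i++) buf[i] = 0;
    for (size_t i = 0; i < SECRET_LEN; i++) buf[16 + i] = (unsigned char)SECRET[i];
}

/* Read an uninitialized auto buffer covering the stack region the previous
 * call used.  volatile forces real loads; the result depends on compiler and
 * frame layout, which is why the "weird memory" varies between systems. */
__attribute__((noinline)) int probe_stack(void) {
    volatile unsigned char probe[4 * CHUNK];   /* never written: indeterminate */
    static unsigned char copy[4 * CHUNK];      /* static, so it adds nothing to the frame */
    for (size_t i = 0; i < sizeof copy; i++) copy[i] = probe[i];
    return find_bytes(copy, sizeof copy, SECRET, SECRET_LEN);
}

int main(void) {
    printf("calloc() block all zero ............ %d\n", calloc_is_zeroed(4096));
    printf("secret in reused heap chunk ........ %d\n", secret_survives_free(0));
    printf("secret in reused chunk after wipe .. %d\n", secret_survives_free(1));
    leave_secret_on_stack();
    printf("secret in uninitialized stack buf .. %d\n", probe_stack());
    return 0;
}
```

The first and third lines are fixed by the C standard and by the wipe: calloc() memory is zero, and a block scrubbed before free() has nothing left to recover. The second line is allocator policy: glibc's tcache hands the most recently freed chunk of a size class straight back, so the unwiped secret reappears in the new block. The fourth line is the post's observation in miniature, and it is the least portable one: whether the probe buffer lands on the bytes the earlier frame wrote depends on the compiler and optimization level, so try it at -O0 and -O2 and compare. In every case the residue is this process's own earlier activity, not another user's pages, which is the practical reason to wipe secrets before freeing or returning rather than to rely on what the allocator happens to do.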

