Vulnerability Development mailing list archives
Re: Getting passwords from the heap?
From: H D Moore <hdm () secureaustin com>
Date: Wed, 27 Jun 2001 03:23:30 -0500
On Wednesday 27 June 2001 02:53 am, Jason Spence wrote:
I've tried this on a Debian Linux box, and tried to make it work on cygwin (which I haven't gotten working yet).
for(i = 0; i < BUFSIZE; ++i) { for(len = 0; len < 78; ++len) { printf("%2x ", buf[i]); }
Ok, maybe my C is getting rusty, but doesnt that just print out each byte 78 times? Why the extra for() loop?
That gives me the weird memory. Had nothing to do with malloc at all. I'd like some other people to try the above on different systems. I'm particularly interested in getting some hexdumps of the data found so I can feed it to a disassembler and figure out if text segments are getting allocated.
I tried the above program and was able to see some text strings from my user's environment, but nothing past that. I will play with it a bit more and see if I can positively identify the memory that it runs into.
Also, what is the difference between malloc(3) and calloc(3)? calloc says it's supposed to clear the memory, but malloc(3) does that too...
malloc() doesn't clear the memory, it requests a page from the OS, and the OS may clear that page that the memory is allocated from if it hasnt already been allocated for that user. So the first malloc of 2k will return clean memory, but the next malloc of 1k could return memory that has been mucked with by something else in that process (variables in called functions, libc, etc). That could be completely wrong technically but thats what I have seen in practice. I have this fuzzy understanding that pages are normally 4k and once you have malloc'd more memory then is left in your "current" page, the OS gives you another (which it then clears). if anyone knows more about the exact workings of memory and page allocation under linux, windows, and other OS's I would be great if they shared...
Current thread:
- Getting passwords from the heap? Jason Spence (Jun 26)
- Re: Getting passwords from the heap? Felix von Leitner (Jun 26)
- Re: Getting passwords from the heap? Dennis McHenry (Jun 27)
- Re: Getting passwords from the heap? Jason R. Seats (Jun 27)
- RE: Getting passwords from the heap? Vladimir Kraljevic (Jun 27)
- Re: Getting passwords from the heap? Dennis McHenry (Jun 27)
- Re: Getting passwords from the heap? H D Moore (Jun 26)
- Re: Getting passwords from the heap? Jason Spence (Jun 27)
- Re: Getting passwords from the heap? H D Moore (Jun 27)
- Re: Getting passwords from the heap? Aigars Grins (Jun 27)
- Re: Getting passwords from the heap? Jason Spence (Jun 27)
- Re: Getting passwords from the heap? ian (Jun 28)
- Re: Getting passwords from the heap? Jason Spence (Jun 27)
- Re: Getting passwords from the heap? Felix von Leitner (Jun 26)
- Source code of the Sadmin Worm Cabezon Aurélien [iSecureLabs] (Jun 27)
- <Possible follow-ups>
- RE: Getting passwords from the heap? Michael Wojcik (Jun 27)