Vulnerability Development mailing list archives
Re: Where else?
From: Michel Arboi <arboi () yahoo com>
Date: Sat, 17 Nov 2001 16:29:46 +0100 (CET)
--- Hung Vu <hungvu () netcom ca> wrote:
- Dtors
- _atexit stuff
How do you plan to overwrite these?
Where else?
IMHO, you should take the problem in a more systematic way, i.e. you can overwrite:

1) any pointer to the code
2) code itself
3) or any function that generates the code (using a technique from points 1 or 2)

(3) could mean "just in time compilers" or interpreters, and I am not sure these would be worth the cost. Dynamic loader hijack is also in this category.

(1) C function pointers, return address on stack, method / class pointer (if this makes sense)...

(2) code segment (if they can be written), code on stack (e.g. glibc & the GCC trampolines...) or in data segment (some dynamic loaders use this)

Just my 0.02$
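A defender's reading of the taxonomy in the message above, as an added example that is not part of the original post: a checksec-style audit of ELF64 program headers that reports which targets from categories (1) and (2) a binary leaves writable or executable. The function names, finding strings and the headers-only sample image are constructed for illustration, and the RELRO findings assume the usual GNU toolchain section layout.

```python
import struct

PT_LOAD, PT_DYNAMIC, PT_GNU_STACK, PT_GNU_RELRO = 1, 2, 0x6474E551, 0x6474E552
PF_X, PF_W, DT_NULL, DT_BIND_NOW = 1, 2, 0, 24
DT_FLAGS, DF_BIND_NOW, DT_FLAGS_1, DF_1_NOW = 30, 0x8, 0x6FFFFFFB, 0x1
FLAG_NOW = {DT_FLAGS: DF_BIND_NOW, DT_FLAGS_1: DF_1_NOW}  # eager-binding bits

def audit_elf64(data):
    """Findings for a little-endian ELF64 image, tagged with the post's (1)/(2)."""
    if data[:6] != b"\x7fELF\x02\x01":
        raise ValueError("not a little-endian ELF64 image")
    phoff, phentsize, phnum = struct.unpack_from("<Q14xHH", data, 0x20)
    relro, bind_now, stack_flags, findings = False, False, None, []
    for i in range(phnum):
        p_type, p_flags, p_off, _, _, p_filesz = struct.unpack_from(
            "<IIQQQQ", data, phoff + i * phentsize)
        if p_type == PT_LOAD and p_flags & PF_W and p_flags & PF_X:
            findings.append("(2) LOAD segment %d is writable and executable" % i)
        elif p_type == PT_GNU_STACK:
            stack_flags = p_flags
        elif p_type == PT_GNU_RELRO:
            relro = True
        elif p_type == PT_DYNAMIC:
            for off in range(p_off, p_off + p_filesz, 16):
                tag, val = struct.unpack_from("<qQ", data, off)
                if tag == DT_NULL:  # end of the dynamic array
                    break
                if tag == DT_BIND_NOW or val & FLAG_NOW.get(tag, 0):
                    bind_now = True
    if stack_flags is None:
        findings.append("(2) no PT_GNU_STACK: stack permissions left to platform default")
    elif stack_flags & PF_X:  # GCC requests this when nested-function trampolines are used
        findings.append("(2) executable stack requested")
    if not relro:
        findings.append("(1) no RELRO: .dtors/.fini_array and GOT stay writable")
    elif not bind_now:
        findings.append("(1) partial RELRO: .got.plt stays writable")
    return findings

def build_sample(stack_flags, relro, bind_now):  # constructed headers-only test image
    phdrs = [(PT_LOAD, 5), (PT_GNU_STACK, stack_flags), (PT_DYNAMIC, 6)] + [(PT_GNU_RELRO, 4)] * relro
    dyn = struct.pack("<qQqQ", DT_FLAGS, DF_BIND_NOW * bind_now, DT_NULL, 0)
    dyn_at = 64 + 56 * len(phdrs)
    out = struct.pack("<16sHHIQQQI6H", b"\x7fELF\x02\x01\x01", 3, 62, 1, 0, 64, 0, 0,
                      64, 56, len(phdrs), 0, 0, 0)
    for p_type, flags in phdrs:
        off, size = (dyn_at, len(dyn)) if p_type == PT_DYNAMIC else (0, 0)
        out += struct.pack("<IIQQQQQQ", p_type, flags, off, 0, 0, size, 0, 8)
    return out + dyn
```

To audit a real binary, pass the file's bytes to `audit_elf64`; an empty list means none of these header-level exposures were found, not that the binary has no overwritable code pointers at all.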