Vulnerability Development mailing list archives

Re: Overwriting the .dtors section with gcc 3

From: Jose Ronnick <matrix () phiral com>
Date: Tue, 26 Aug 2003 12:24:41 -0700

On 24 Aug 2003 10:29:22 -0000
Aviv <avivdog () bezeqint net> wrote:



Hello
I've read the guide on the library here about overwriting .dtors [ 
http://www.securityfocus.com/library/3245 ], but it doesn't work for me.
I've tried with a few people who aren't new to this, but they couldn't 
make it work on my box too.
My only guess is that the guide was written for gcc2.* and I'm using gcc3
Is this true?
Is there a way around this?
Thanks


You can still overwrite the .dtors section, but you can't do it with an overflow.  Try using a format string exploit to 
write to an arbitrary memory address.  Hope this helps.  >=D

-- 
%JOSE_RONNICK%50,:-dddd-0EEb-pVVyP\-1111-jjjj-yNNN-_4HUP-qq0q-02%r-_Z%JP-%Iwp-5kyyP-n5nn-aTTa-1271P-4ttt-/888-3tSMP-bbnb-L8wL-kMwgP-3Hy3-rqzWP-m%m8-h4x--v%r5P-S7S7-g7g7-F2u2PPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP

Attachment: _bin
Description:

Current thread:

Overwriting the .dtors section with gcc 3 Aviv (Aug 25)
- Re: Overwriting the .dtors section with gcc 3 Jose Ronnick (Aug 26)