Vulnerability Development mailing list archives

Re: problem in bypassing stack randomization ("call *%edx" technique)


From: Sebastian Krahmer <krahmer () suse de>
Date: Mon, 8 Jan 2007 09:19:19 +0100 (CET)

On Fri, 5 Jan 2007, Loptr Chaote wrote:

Modifying edx is theoretically possible via push/pop instructions..
But finding the needed opcode combination in linux-gate.so.1 is
(unfortunately) not possible.
This will be at randomized addresses soon anyways :)

Sebastian

-- 
~
~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer () suse de - SuSE Security Team
~

