Bugtraq: RE: Preventing exploitation with rebasing

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

RE: Preventing exploitation with rebasing

From: Anonymous <xxxxxx () xxxxxxxx securityfocus com>
Date: Mon, 3 Feb 2003 17:21:54 -0500

-----Original Message-----
From: David Litchfield [mailto:david () ngssoftware com]
Sent: Tuesday, February 04, 2003 12:09 AM
To: bugtraq () securityfocus com; ntbugtraq () listserv ntbugtraq com;
vulnwatch () vulnwatch org
Subject: Preventing exploitation with rebasing

So how easy is it to rebase DLLs and executables? Very. Microsoft have
provided a function to do this, ReBaseImage(), exported by 
imagehlp.dll. If
you rebase an image the new base must be on a 64K boundary - 
i.e. if the
image base mod 64000 !=0 the base is not valid.


There is a tool called "ReBase" shipped with Visual C++ and Visual C++.NET.

<http://msdn.microsoft.com/library/default.asp?url=/library/en-us/tools/perf
util_2z39.asp>

<quote>
Rebase is a command-line tool that you can use to specify the base addresses
for the DLLs that your application uses. 
</quote>

<quote>
Alternatively, you can use the ReBaseImage function.
</quote>

By Date By Thread

Current thread:

RE: Preventing exploitation with rebasing Anonymous (Feb 04)
- <Possible follow-ups>
- Preventing exploitation with rebasing David Litchfield (Feb 05)
  - Re: Preventing exploitation with rebasing sd (Feb 04)
    - Re: Preventing exploitation with rebasing David Litchfield (Feb 04)
  - Re: Preventing exploitation with rebasing Eugene Tsyrklevich (Feb 04)
  - Re: Preventing exploitation with rebasing Torbjörn Hovmark (Feb 04)