Vulnerability Development
mailing list archives
Re: Where else?
From: Michel Arboi <arboi () yahoo com>
Date: Sat, 17 Nov 2001 16:29:46 +0100 (CET)
--- Hung Vu <hungvu () netcom ca> wrote:
- Dtors
- _atexit stuff
How do you plan to overwrite these?
Where else?
IMHO, you should take the problem in a more systematic way. i.e.
you can overwrite:
1) any pointer to the code
2) code itself
3) or any function that generates the code (using a technique from
points 1 or 2)
(3) could mean "just in time compilers" or interpreters, and I am not
sure these would be worth the cost. Dynamic loader hijack is also in
this category.
(1) C function pointers, return address on stack, method / class
pointer (if this makes sense)...
(2) code segment (if they can be written), code on stack (e.g. glibc &
the GCC trampolines...) or in data segment (some dynamic loaders use
this)
Just my 0.02$
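A defender's view of categories (1) and (2) from the message above, as an added example that is not part of the original post: a check over an ELF program header table for writable-and-executable segments, an executable stack, and missing RELRO (the marking that makes pointer tables such as .dtors and .got read-only after relocation). The function and flag names are hypothetical and the two header tables are constructed samples; it assumes a Linux `<elf.h>`.

```c
#include <elf.h>
#include <stddef.h>
#include <stdio.h>

/* One finding bit per overwrite target class named in the post. */
enum {
    F_WX_SEGMENT    = 1 << 0, /* (2) PT_LOAD segment both writable and executable */
    F_EXEC_STACK    = 1 << 1, /* (2) stack marked executable (e.g. for trampolines) */
    F_NO_STACK_NOTE = 1 << 2, /* no PT_GNU_STACK: platform default decides */
    F_NO_RELRO      = 1 << 3  /* (1) pointer tables (.dtors, .got) stay writable */
};

/* Hypothetical helper: audit n program headers and return the finding bits. */
unsigned audit_phdrs(const Elf64_Phdr *ph, size_t n)
{
    unsigned f = F_NO_STACK_NOTE | F_NO_RELRO; /* cleared when the header is seen */
    for (size_t i = 0; i < n; i++) {
        switch (ph[i].p_type) {
        case PT_LOAD:
            if ((ph[i].p_flags & (PF_W | PF_X)) == (PF_W | PF_X))
                f |= F_WX_SEGMENT;
            break;
        case PT_GNU_STACK:
            f &= ~(unsigned)F_NO_STACK_NOTE;
            if (ph[i].p_flags & PF_X)
                f |= F_EXEC_STACK;
            break;
        case PT_GNU_RELRO:
            f &= ~(unsigned)F_NO_RELRO;
            break;
        }
    }
    return f;
}

/* Constructed sample tables (only the fields the audit reads are set). */
static const Elf64_Phdr legacy[] = {
    { .p_type = PT_LOAD,      .p_flags = PF_R | PF_X },
    { .p_type = PT_LOAD,      .p_flags = PF_R | PF_W | PF_X },
    { .p_type = PT_GNU_STACK, .p_flags = PF_R | PF_W | PF_X },
};
static const Elf64_Phdr hardened[] = {
    { .p_type = PT_LOAD,      .p_flags = PF_R | PF_X },
    { .p_type = PT_LOAD,      .p_flags = PF_R | PF_W },
    { .p_type = PT_GNU_STACK, .p_flags = PF_R | PF_W },
    { .p_type = PT_GNU_RELRO, .p_flags = PF_R },
};

int main(void)
{
    printf("legacy:   0x%x\n", audit_phdrs(legacy, sizeof legacy / sizeof legacy[0]));
    printf("hardened: 0x%x\n", audit_phdrs(hardened, sizeof hardened / sizeof hardened[0]));
    return 0;
}
```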