Bugtraq mailing list archives
Re: Preventing exploitation with rebasing
From: "David Litchfield" <david () ngssoftware com>
Date: Wed, 5 Feb 2003 02:29:32 -0800
Going back to exe image files and rebasing. Surely they can be rebased even
without a .reloc section? All I need to do is edit the image base in the PE
header then parse the assembly looking for absolute addresses such as
function addresses, static variables etc. and modify these addresses, too.
For example, assume an image base for an exe is 0x00400000 and the C code
does

    printf("hello");

This will generate something like

    push 0x0042001C // push pointer to hello
    call 0x00401060 // call printf

If I then make the image base 0x00410000 and I also change

    push 0x0042001C
    call 0x00401060

to become

    push 0x0043001C
    call 0x00411060

then the exe should still run (as long as you get all the absolute
addresses) and it has been rebased.
?
David
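
The fix-up step described in the message above, as an added example that is not part of the original post: it decodes a constructed four-instruction snippet, adds the base delta to every imm32 operand that falls inside the old image range, and resolves the E8 near call, which is encoded relative to the next instruction and so reaches 0x00411060 with its bytes unchanged. Assumptions: the snippet address 0x00401000, the image size, the `mov eax` line and the tiny opcode table (0x68, 0xB8-0xBF, 0xE8, 0xC3) are made up for the sample; the `mov` operand shows that, without a .reloc section, an in-range value is patched on suspicion and cannot be proven to be a pointer.

```python
import struct

OLD_BASE, NEW_BASE, IMAGE_SIZE = 0x00400000, 0x00410000, 0x00030000  # size assumed
CODE_VA = 0x00401000  # assumed address of the snippet inside the old image

# Constructed sample bytes (not taken from a real binary).
CODE = bytes.fromhex(
    "681c004200"  # push 0x0042001C   ; pointer to "hello"
    "e856000000"  # call 0x00401060   ; rel32 = 0x00401060 - 0x0040100A
    "b800004100"  # mov eax, 0x00410000 ; pointer or plain constant? unknowable
    "c3"          # ret
)

# opcode -> (instruction length, offset of an imm32 that may hold an absolute VA)
OPCODES = {0x68: (5, 1), 0xE8: (5, None), 0xC3: (1, None)}
OPCODES.update({0xB8 + reg: (5, 1) for reg in range(8)})  # mov r32, imm32


def rebase_code(code, old_base, new_base, image_size):
    """Return (patched bytes, offsets of the imm32 operands that were changed)."""
    out, patched, pos = bytearray(code), [], 0
    delta = new_base - old_base
    while pos < len(out):
        if out[pos] not in OPCODES:
            # A real rebaser needs a full disassembler; refuse rather than guess.
            raise ValueError(f"unhandled opcode {out[pos]:#04x} at offset {pos}")
        length, imm_off = OPCODES[out[pos]]
        if pos + length > len(out):
            raise ValueError(f"truncated instruction at offset {pos}")
        if imm_off is not None:
            (imm,) = struct.unpack_from("<I", out, pos + imm_off)
            if old_base <= imm < old_base + image_size:
                new_imm = (imm + delta) & 0xFFFFFFFF
                struct.pack_into("<I", out, pos + imm_off, new_imm)
                patched.append(pos + imm_off)
        pos += length
    return bytes(out), patched


def call_target(code, code_va, off):
    """Resolve the destination of the E8 rel32 call located at code[off]."""
    (rel,) = struct.unpack_from("<i", code, off + 1)
    return (code_va + off + 5 + rel) & 0xFFFFFFFF


if __name__ == "__main__":
    new_code, fixed = rebase_code(CODE, OLD_BASE, NEW_BASE, IMAGE_SIZE)
    print(new_code.hex(), fixed)
    print(hex(call_target(new_code, CODE_VA + NEW_BASE - OLD_BASE, 5)))
```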
