Re: Where else?
From: Michel Arboi (arboi@yahoo.com)Date: 11/17/01
- Previous message: Hung Vu: "Where else?"
- In reply to: Hung Vu: "Where else?"
- Next in thread: Justin Lundy: "Re: Where else?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-ID: <20011117152946.37741.qmail@web11207.mail.yahoo.com> Date: Sat, 17 Nov 2001 16:29:46 +0100 (CET) From: Michel Arboi <arboi@yahoo.com> Subject: Re: Where else? To: hungvu@netcom.ca
--- Hung Vu <hungvu@netcom.ca> a écrit :
> - Dtors
> - _atexit stuff
How do you plan to overwrite these?
> Where else?
IMHO, you should take the problem in a more systematic way. i.e.
you can overwrite:
1) any pointer to the code
2) code itself
3) or any function that generates the code (using a technique from
points 1 or 2)
(3) could mean "just in time compilers" or interpreters, and I am not
sure thise would be worth the cost. Dynamic loader hijack is also in
this category.
(1) C function pointers, return address on stack, method / class
pointer (if this makes sense)...
(2) code segment (if they can be written), code on stack (e.g. glibc &
the GCC trampolines...) or in data segment (some dynamic loaders use
this)
Just my 0.02$
___________________________________________________________
Do You Yahoo!? -- Une adresse @yahoo.fr gratuite et en français !
Yahoo! Courrier : http://courrier.yahoo.fr
- Previous message: Hung Vu: "Where else?"
- In reply to: Hung Vu: "Where else?"
- Next in thread: Justin Lundy: "Re: Where else?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
