Anyone looked at the canary stack protection in Win2k3?

From: Andrew Thomas (andrew_at_generator.co.za)
Date: 07/20/03

Next message: kathy tuckey: "Does IE object type overflow work only on an Administrator account?"

Previous message: noir: "RE: Named Pipe Impersonation -> CreateProcessAsUser();"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <vuln-dev@lists.securityfocus.com>
Date: Sun, 20 Jul 2003 12:37:03 +0200

I've looked a bit at a single disassembly that I got
(IDA Pro) of the package. It's quite cute that MS have
started creating a 'fix' to reduce the probability
of programmatic errors in their code having as great
an impact as they could.

Any comments on their canary generator? It seems to
generate enough randomness, with use of:
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter

all nicely xor'ed together. But then again, I am not
an expert in these matters.

--
Andrew G. Thomas
Hobbs & Associates Chartered Accountants (SA)
(o) +27-(0)21-683-0500
(f) +27-(0)21-683-0577
(m) +27-(0)83-318-4070

Next message: kathy tuckey: "Does IE object type overflow work only on an Administrator account?"

Previous message: noir: "RE: Named Pipe Impersonation -> CreateProcessAsUser();"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

RE: 6gw1u4iu
... We provided a fix for you that will be available in IDW14. ... SQL Server Data Mining ... OLEDB source (with the DMX prection query) and throw the result into a SQL ... the package fails with the error in the attached ...
(microsoft.public.sqlserver.datamining)
Re: Strange Prediction behavior
... We provided a fix for you that will be available in IDW14. ... SQL Server Data Mining ... OLEDB source (with the DMX prection query) and throw the result into a SQL ... the package fails with the error in the attached ...
(microsoft.public.sqlserver.datamining)
Re: Windows 98 ASN.1 Vulnerability?
... The hotfix for the ASN.1 issue, ... VoIP implementations to Windows software. ... The hot fix for your issue has been packaged and placed on ... The package is password protected so be sure to enter the ...
(microsoft.public.security)
Re: how to re-install package for cd and powerpoint viewer
... simple file using the options you want, package to folder rather than directly ... editing to the bat and list files and burn the CD from that folder. ... This won't fix up any of your links, ... Steve Rindsberg, PPT MVP ...
(microsoft.public.powerpoint)
RE: [Full-Disclosure] Hotmail & Passport (.NET Accounts) Vulnerability
... I've noticed at least some of the MS-related security reports seemed ... to have rather large gaps of time between notification and announcement ... release new versions of the package when infact the version of SSH ... a fix was available, ...
(Full-Disclosure)