Re: "Moving" Stack: my poor return address!
- From: Andrea Purificato - bunker <bunker@xxxxxxxxxxxxx>
- Date: Wed, 2 Aug 2006 01:18:11 +0200
At 04:03 on Tuesday 1 August 2006, Jack C wrote:
> I'm running on Fedora 5. Is this a security thing that's new in the past
> 2 years or so since I've coded one of these? Is there any way I can
> either (1) make the stack sit still so I can point into it or (2) find
> out where it is during execution?
Hi,
In the 2.6 kernel there is a new "feature" about pseudo stack randomization
through virtual addresses in memory.
Try searching Google for "stack randomization" and similar terms and you will get a lot of
useful information. There are different techniques to bypass this security
feature; try playing with these:
http://rawlab.mindcreations.com/codes/exp/randstack/exp_call_rand.pl
http://rawlab.mindcreations.com/codes/exp/randstack/exp_jmp_rand.pl
Happy hacking!
--
Andrea "bunker" Purificato
+++++++++++[>++++++>+++++++++++++++++++++++++++++++++>++++
++++++<<<-]>.>++++++++++.>.<----------.>---------.<+++++++.
http://rawlab.mindcreations.com
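
Added example, not part of the original message or of the linked code: a check that stack randomization is actually in effect on a host, done by comparing the `[stack]` mapping in `/proc/<pid>/maps` across several fresh processes. The sample lines are constructed, and the function names are this example's own.

```python
import re
import subprocess

# Constructed sample: the [stack] line of /proc/<pid>/maps from three runs
# of the same binary on a kernel with stack randomization enabled.
SAMPLE_RUNS = [
    "bfc3a000-bfc4f000 rw-p bfc3a000 00:00 0          [stack]\n",
    "bf9e1000-bf9f6000 rw-p bf9e1000 00:00 0          [stack]\n",
    "bfd72000-bfd87000 rw-p bfd72000 00:00 0          [stack]\n",
]
STACK_RE = re.compile(r"^([0-9a-f]+)-([0-9a-f]+) .*\[stack\]\s*$", re.M)

def stack_range(maps_text):
    """Return (low, high) of the [stack] mapping, or None if absent."""
    m = STACK_RE.search(maps_text)
    return (int(m.group(1), 16), int(m.group(2), 16)) if m else None

def varying_bits(addresses):
    """Mask of bit positions that differ between any two addresses."""
    mask = 0
    for a in addresses:
        mask |= a ^ addresses[0]
    return mask

def assess(maps_texts):
    """Summarise whether the top of the stack moved across runs."""
    tops = [r[1] for r in map(stack_range, maps_texts) if r]
    mask = varying_bits(tops) if tops else 0
    return {"runs": len(tops), "randomized": len(set(tops)) > 1,
            "varying_mask": hex(mask), "observed_bits": bin(mask).count("1")}

def live_samples(n=8):
    """Collect /proc/self/maps from n freshly exec'd processes (Linux only)."""
    return [subprocess.run(["cat", "/proc/self/maps"], capture_output=True,
                           text=True, check=True).stdout for _ in range(n)]

def sysctl_setting(path="/proc/sys/kernel/randomize_va_space"):
    """Kernel setting: 0 = off, 1 = stack/mmap/vDSO, 2 = also heap (brk)."""
    try:
        with open(path) as f:
            return int(f.read().strip())
    except OSError:
        return None  # not Linux, or /proc not mounted

if __name__ == "__main__":
    print("sample:", assess(SAMPLE_RUNS))
    print("randomize_va_space:", sysctl_setting())
    print("live:", assess(live_samples()))
```

`observed_bits` is only a lower bound on the randomization entropy, since a handful of runs cannot exercise every bit the kernel varies.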