Hosting Provided By

Re: Some help With BOF Exploits Writing. - EAX ?!

From: DownBload <downbload(at)hotmail.com>
Date: Thu Jul 31 2003 - 18:09:08 EDT

('binary' encoding is not supported, stored as-is)
In-Reply-To: <51780.193.126.243.84.1059697287.squirrel@psyfreakz.org>

In classic buffer overflow if vulnerable application just call (ex.) strcpy(), on stack is pushed eip and ebp register, so we can't overflow eax, because it is not on stack. Something different would be if pushl % eax is used before overflow and after overflow %eax is used like call *% eax.
On heap same thing would happen if eax in jmp_buf (on heap) structure (used for setjmp() and longjmp()) is overflowed with some address and after longjmp() something like call *%eax is used. There are million possibilites.

www.google.com -> linux memory management

Regards,
DownBload / Illegal Instruction Labs

>Hi all,
Received on Thu Jul 31 18:17:27 2003

This message: [ Message body ]
Next message: DownBload: "Re: Analyze binary for holes"
Previous message: master of chaos - lord of mean: "Re: Some help With BOF Exploits Writing. - EAX ?!"
In reply to optikool(at)psyfreakz.org: "Re: Some help With BOF Exploits Writing. - EAX ?!"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:40 EDT