Re: overwriting .dtors using gcc 3

From: Marco Ivaldi (raptor0xdeadbeef.info)
Date: Thu Oct 09 2003 - 02:24:21 CDT


On Tue, 7 Oct 2003, DownBload wrote:

> Now we see .dynamic section between .data and .dtors section. That
> section will be overflowed if we want to overflow .dtors, and that is
> not good.
> .dtors technique will still work for format string bugs, wild pointers
> etc.

You can try to solve this problem by setting LD_BIND_NOW=1 in the environment, to
force the dynamic linker to process all relocations before transferring
control to the program. See abo7-ex.c in:

http://www.0xdeadbeef.info/code/abo-raptor.tgz

Some other useful exploitation examples:

http://www.0xdeadbeef.info/code/misc-raptor.tgz
http://www.0xdeadbeef.info/code/vulndev-raptor.tgz

Cheers,

:raptor
--
Marco Ivaldi
Antifork Research, Inc. http://0xdeadbeef.info/
3B05 C9C5 A2DE C3D7 4233 0394 EF85 2008 DBFD B707
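The section-layout check behind DownBload's remark, as an added example that is not part of this thread and not code from either poster: a Python script that parses `readelf -S` output and lists which sections sit between `.data` and `.dtors`, so you can see whether `.dynamic` is in that path (the case the LD_BIND_NOW=1 suggestion addresses). The readelf rows embedded below are constructed to mirror the gcc 3 layout described above; the addresses and sizes are made up, not taken from any real binary.

```python
import re

# Constructed sample of `readelf -S` output, shaped like the gcc 3 layout the
# thread describes: .dynamic sits between .data and .dtors. Addresses, sizes
# and section indices are invented for illustration only.
SAMPLE_READELF = """\
  [Nr] Name              Type            Addr     Off    Size   ES Flg Lk Inf Al
  [14] .data             PROGBITS        08049580 000580 00000c 00  WA  0   0  4
  [16] .dynamic          DYNAMIC         08049590 000590 0000c8 08  WA  5   0  4
  [17] .ctors            PROGBITS        08049658 000658 000008 00  WA  0   0  4
  [18] .dtors            PROGBITS        08049660 000660 000008 00  WA  0   0  4
  [19] .got              PROGBITS        08049668 000668 000024 04  WA  0   0  4
  [20] .comment          PROGBITS        00000000 00068c 000132 00      0   0  1
"""

# A data row starts with "[<index>]"; the column header ("[Nr]") does not match.
_ROW = re.compile(r"^\s*\[\s*(\d+)\]\s+(.*)$")


def parse_sections(text):
    """Turn readelf -S rows into dicts holding name, address, size and flags."""
    sections = []
    for line in text.splitlines():
        m = _ROW.match(line)
        if not m or not m.group(2).startswith("."):  # skip header and NULL rows
            continue
        fields = m.group(2).split()
        # Columns: Name Type Addr Off Size ES [Flg] Lk Inf Al. Flg is blank for
        # sections such as .comment, which leaves one field fewer on that row.
        flags = fields[6] if len(fields) == 10 else ""
        sections.append({
            "index": int(m.group(1)),
            "name": fields[0],
            "addr": int(fields[2], 16),
            "size": int(fields[4], 16),
            "flags": flags,
        })
    return sections


def find(sections, name):
    """Return the section dict with the given name, or raise KeyError."""
    for s in sections:
        if s["name"] == name:
            return s
    raise KeyError(name)


def sections_between(sections, start=".data", end=".dtors"):
    """Names of allocated ('A') sections whose address lies between the end of
    `start` and the start of `end`, in address order. A linear overflow that
    runs from `start` towards `end` crosses exactly these sections."""
    lo = find(sections, start)
    hi = find(sections, end)
    lo_end = lo["addr"] + lo["size"]
    inside = [s for s in sections
              if "A" in s["flags"] and lo_end <= s["addr"] < hi["addr"]]
    return [s["name"] for s in sorted(inside, key=lambda s: s["addr"])]


def is_writable(sections, name):
    """True when the section carries the 'W' flag in its section header."""
    return "W" in find(sections, name)["flags"]


def layout_report(sections, start=".data", end=".dtors"):
    """Summarise the path from `start` to `end`: which sections lie in between,
    and whether .dynamic is among them (the situation DownBload points out)."""
    between = sections_between(sections, start, end)
    return {
        "between": between,
        "dynamic_in_path": ".dynamic" in between,
        "dtors_writable": is_writable(sections, end),
    }


if __name__ == "__main__":
    secs = parse_sections(SAMPLE_READELF)
    print(layout_report(secs))
```

On a live system feed it the text of `readelf -S ./binary` instead of the sample. Two caveats: current toolchains emit `.fini_array` rather than `.dtors`, so pass `end=".fini_array"` there; and the `W` flag only reflects the section header, while RELRO protection is a property of the `GNU_RELRO` program header and is not visible in `readelf -S` output at all.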