Quote
We have all heard about stack protections. Security products are protecting stacks from code executed there. New hardware too, that will not let you execute code in non-executable memory (amd64 for example).

Doing shellcodes that avoid this fact is not very complex, as I will show with this small sample.

The idea is to use pieces of code from DLLs, for example. In this code I'm using pieces of code from ntdll for my purposes. How? Easy: with the stack overflow we will leave ret addresses in the stack for conducting our thread to code in ntdll.dll.
The gap lies precisely in the fact that buffer overflow protection does not prevent the buffer overflow itself, but only severely limits its possible consequences. In this case it is demonstrated how one can assemble one's own malicious code from existing legitimate pieces of code in the process.
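The following is an added example, not code from the quoted post or its author, illustrating the point of the commentary above: a non-executable stack only limits what an overflow can do, it does not stop the overflow. The unbounded copy shows where the saved return address gets overwritten (which is what the quoted technique then abuses by returning into existing ntdll code); the bounded form beside it rejects overlong input before any copy, so there is nothing left for NX to mitigate. The buffer size and the input strings are constructed for this example.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define BUF_SIZE 16   /* constructed size for the example */

/* Vulnerable pattern: strcpy copies without a bound, so any input longer than
 * BUF_SIZE-1 bytes runs past buf into the saved frame pointer and return
 * address that follow it on the stack. A non-executable stack does not stop
 * this write; it only prevents the attacker from executing code placed in buf,
 * which is exactly why the quoted post reuses code already present in ntdll.
 * Only ever call this with input that fits (the test below does not overflow). */
int vulnerable_copy(const char *input)
{
    char buf[BUF_SIZE];
    strcpy(buf, input);            /* no length check: the overflow happens here */
    return (int)strlen(buf);
}

/* Hardened form: refuse input that does not fit (terminator included) before
 * copying anything. Returns 0 on success, -1 if the input would overflow.
 * memchr is used instead of strlen so that an unterminated input cannot make
 * us read past dst_size bytes of the source either. */
int bounded_copy(char *dst, size_t dst_size, const char *input)
{
    const char *nul = memchr(input, '\0', dst_size);
    if (nul == NULL)
        return -1;                 /* no terminator within dst_size: would overflow */
    size_t len = (size_t)(nul - input);
    memcpy(dst, input, len + 1);   /* len + 1 includes the NUL terminator */
    return 0;
}

/* Same shape as vulnerable_copy, but built on bounded_copy: returns the copied
 * length, or -1 when the input was rejected. */
int hardened_copy(const char *input)
{
    char buf[BUF_SIZE];
    if (bounded_copy(buf, sizeof buf, input) != 0)
        return -1;
    return (int)strlen(buf);
}

int main(void)
{
    const char *ok = "hello";                                /* constructed: fits */
    const char *overlong = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA";  /* constructed: 32 bytes */

    printf("hardened_copy(ok)       = %d\n", hardened_copy(ok));        /* 5  */
    printf("hardened_copy(overlong) = %d\n", hardened_copy(overlong));  /* -1 */
    /* vulnerable_copy(overlong) is deliberately not called: it would smash the stack. */
    return 0;
}
```

The distinction the commentary draws is visible in the two return values: with the bounded version the overlong input is simply refused, whereas with the unbounded version the same input would silently overwrite the return address, and a non-executable stack would change only what the overwritten address can usefully point at, not whether it gets overwritten.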