Hi,

I have doubts about my understanding how/if packers protect against injecting shellcode. Take for example this analysis of the SKYPE software:
http://www.secdev.org/conf/skype_BHEU06.handout.pdf

As far as I understood this paper, those guys found a buffer overflow in the unpacked SKYPE code in the RAM. Apparently, they could exploit it and were able to inject shell code.

Of course, some chunks of code have to be unpacked in RAM. And as you do not need to inject packed shell code, you can do it. Seems to be clear to me.

So, packing does not complicate the exploitation of buffer overflows? It just complicates to find the buffer overflows?

Or am I wrong somehow?

boeser.hacker