#1
|
|||
|
|||
Creating a buffer overflow ?
As I understand it most buffer overflow exploits must be found by the cracker, and it must be able to influence the target variable once the overflow has occured.
Instead of just finding these overflow exploits, wouldn't it be possible to in fact force the buffer to overflow? i.e, If you somehow were able to manipulate the values of the bounds? i.e Quote:
What I'm saying is that when you disassemble the program you should search for where that [10] is assigned in asm, and then change it to a [0]. That way the overflow would always occur. Of course you probably wouldn't change the asm code, but you could do a live memory hack, like a simple game trainer does to change the [10] to a [0]. Last edited by Rhodium; 08-17-2003 at 15:33. |
#2
|
||||
|
||||
What would be the point of this? Considering the fact that most buffer exploits are doing over the intenet, where you don't have access to the machine to change any of the assembler - you only have the interface of the program that is running.
Secondly, once the program has compiled, trying to change a static buffer size to less than it was orignally set to would be very difficult, as if it was a global variable, it would most likely be a space in the exe, and local variables would simply be space on the stack. |
#3
|
|||
|
|||
Quote:
Last edited by Rhodium; 08-17-2003 at 17:11. |
#4
|
||||
|
||||
If you want to do that, just write the process memory. No need for buffer overflow exploits.
|
#5
|
|||
|
|||
Hehe, I once thought about this too.
The interesting point would be to find a possible weak point in the serial checking routines of e.g. some RSA 1024 based protection schemes. Then you maybe could break that scheme with a special buffer overflow serial. |
#6
|
|||
|
|||
And how do you think is it working?
|
#7
|
|||
|
|||
Yeah, that'll be the difficult part
I actually never tried to find a possible victim, as it's probably impossible, because e.g. GetDlgItemText, etc. all have a parameter that limits the length of text you can enter. Furthermore, if there was an (easy) way to do, someone would probably have done it already. |
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
ImpRec module User32.dll overwritting buffer overflow | KaGra | General Discussion | 7 | 04-25-2005 10:33 |
Buffer Overflow in SentinelLM Service | prt | General Discussion | 0 | 03-19-2005 05:20 |
DataRescue Interactive Disassembler Pro Buffer Overflow Vulnerability | bukkake | General Discussion | 0 | 01-25-2005 11:23 |