Vista Forums: Windows Vista help and discussion

#1
Guest: Stack smashing/buffer overflow research

Hi, let me start by apologising if these are the wrong groups to post these kinds of messages to (I've cross-posted), but after searching the web and not finding any good material I thought there might be someone here who knows.

I'm a student and I'm currently working on a small project dealing with stack smashing/buffer overflows and protection mechanisms in modern OSes; the idea is to make a survey of the different techniques that can be used to protect an application against these kinds of attacks. On the Windows side I have identified three mechanisms that I'm focusing on: the /GS flag in Visual Studio 2005, ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention).

Since I'm not a security expert I can't see any way that I might be able to circumvent any of those (even less so all of them together), but I know there are people working with these kinds of things (whatever their intentions are), so what I'm asking is: are there any known and published stack smashing/buffer overflow attacks that can successfully circumvent the techniques mentioned above (either just one of them or a combination)? Any information will be greatly appreciated.

PS: Mind the cross-posting when replying.

--
Erik Wikström
#2
Guest: Re: Stack smashing/buffer overflow research

> I'm focusing on, the /GS flag in Visual Studio 2005, ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention). Since I'm not a security expert I can't see any way that I might be able to circumvent any of those (even less so all of them together) but I know there are people working with these kinds of things (whatever their intentions are) so what I'm asking is, if there are any known and published stack smashing/buffer overflow attacks that can successfully circumvent the techniques mentioned above (either just one of them or a combination).

1. /GS stackguard protection places a canary before the frame pointer/stack pointer. A canary value change results in a security error. The issue: /GS protects arrays ONLY; you can also exploit BOs that are not on the stack.

2. ASLR - changes the mapping of DLLs, stack, heap (randomness). Hardcoded-address-based attack prevention technique. How do we pass ASLR? We take advantage of so-called heap spraying (suggested reading!).

3. ASLR and DEP bypassing - usage of heap spraying; the exploit jumps to existing DEP-disable code, and the payload is executed.

If you have any doubts, please feel free to contact me at: sapheal<at>hack<dot>pl.

Hope I helped,
Michal Bucko
sapheal.hack.pl
HACKPL Security Labs
#3
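A small model of point 1 of the reply above (the cookie check, and the fact that it says nothing about an overflow that is not on the stack), written in C as an added example; it is not code from the post and not Microsoft's /GS implementation. The struct layout, the fixed `GS_COOKIE` value and the `heap_obj` type are assumptions for illustration only: real /GS derives the cookie at process start, reorders locals so arrays sit above other variables, and emits the comparison in the function epilogue rather than as a return value. Both copies are bounded by the model object so the example itself stays within defined behaviour.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed cookie value for the model; real /GS generates it per process. */
#define GS_COOKIE 0x4E2A1D7Bu

/* Constructed model of a /GS-protected frame: the local array sits below the
 * cookie, which sits below the saved frame pointer and the return address. */
struct gs_frame {
    char     buf[16];       /* the local array an overflow starts in */
    uint32_t cookie;        /* /GS security cookie */
    uint32_t saved_fp;      /* saved frame pointer */
    uint32_t return_addr;   /* what the attacker ultimately wants */
};

/* Unchecked copy of len bytes into the frame's array (the bug), followed by
 * the check /GS emits before `ret`. Returns 1 if the cookie no longer matches
 * (__security_check_cookie would terminate the process), 0 if it survived. */
int stack_copy_gs_checked(const unsigned char *src, size_t len) {
    struct gs_frame f;
    f.cookie = GS_COOKIE;
    f.saved_fp = 0xBFFF0000u;
    f.return_addr = 0x00401000u;
    if (len > sizeof f) len = sizeof f;     /* keep the model inside the object */
    memcpy((unsigned char *)&f, src, len);  /* buf is at offset 0 */
    return f.cookie != GS_COOKIE;
}

/* Constructed heap object: an array followed by a function pointer. There is
 * no cookie between them, so the frame check above never sees this case. */
struct heap_obj {
    char buf[16];
    void (*on_done)(void);
};

static void benign_handler(void) { }

/* Same unchecked copy into a heap object. Returns 1 if the function pointer
 * was clobbered with nothing firing, 0 if it is intact, -1 on allocation
 * failure. The pointer is only compared, never called. */
int heap_copy_unchecked(const unsigned char *src, size_t len) {
    struct heap_obj *o = malloc(sizeof *o);
    if (o == NULL) return -1;
    o->on_done = benign_handler;
    if (len > sizeof *o) len = sizeof *o;
    memcpy((unsigned char *)o, src, len);
    int clobbered = (o->on_done != benign_handler);
    free(o);
    return clobbered;
}

int main(void) {
    unsigned char attack[32];               /* constructed input: 32 x 'A' */
    memset(attack, 'A', sizeof attack);

    printf("16 bytes into stack frame: cookie check fires = %d\n",
           stack_copy_gs_checked(attack, 16));
    printf("24 bytes into stack frame: cookie check fires = %d\n",
           stack_copy_gs_checked(attack, 24));
    printf("24 bytes into heap object: pointer clobbered = %d\n",
           heap_copy_unchecked(attack, 24));
    return 0;
}
```

The 16-byte copy fills the array exactly and the cookie is untouched; the 24-byte copy runs through the cookie and the check fires before the overwritten return address could be used. The heap copy of the same length silently replaces the function pointer, which is the class of bug the reply means by "BOs that are not on the stack".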
Guest: Re: Stack smashing/buffer overflow research

By the way, I assumed that you already know what the SEH overwrite technique is ;-)

mb
#4
Guest: Re: Stack smashing/buffer overflow research

By the way, lately I posted a short article about the exploitation techniques under Windows. You might be interested: http://sapheal.hack.pl/arts/Introduc...ploitation.pdf

The article isn't, however, even giving an overall view on the subject - it is more like a bunch of thoughts and notes made in a rush ;-)

Hope I could help,
Michal