1.    15 May 2007 #1
    Erik Wikström Guest

    Stack smashing/buffer overflow research


    Hi, let me start by apologising if these are the wrong groups to post
    these kinds of messages to (I've cross-posted), but after searching the
    web and not finding any good material I thought there might be someone
    here who knows.

    I'm a student and I'm currently working on a small project dealing
    with stack smashing/buffer overflows and protection mechanisms in
    modern OSes; the idea is to make a survey of the different techniques
    that can be used to protect an application against these kinds of
    attacks. On the Windows side I have identified three mechanisms that
    I'm focusing on: the /GS flag in Visual Studio 2005, ASLR (Address
    Space Layout Randomization) and DEP (Data Execution Prevention).

    Since I'm not a security expert I can't see any way that I might be
    able to circumvent any of those (even less so all of them together)
    but I know there are people working with these kinds of things
    (whatever their intentions are) so what I'm asking is, if there are
    any known and published stack smashing/buffer overflow attacks that
    can successfully circumvent the techniques mentioned above (either
    just one of them or a combination).

    Any information will be greatly appreciated.

    PS: Mind the cross-posting when replying

    --
    Erik Wikström


  2.    15 May 2007 #2
    Michal Bucko Guest

    Re: Stack smashing/buffer overflow research


    >I'm focusing on, the /GS flag in Visual Studio 2005, ASLR (Address
    >Space Layout Randomization) and DEP (Data Execution Prevention).


    >Since I'm not a security expert I can't see any way that I might be
    >able to circumvent any of those (even less so all of them together)
    >but I know there are people working with these kinds of things
    >(whatever their intentions are) so what I'm asking is, if there are
    >any known and published stack smashing/buffer overflow attacks that
    >can successfully circumvent the techniques mentioned above (either
    >just one of them or a combination).

    1. /GS stackguard protection places a canary before the frame pointer/stack
    pointer. A canary value change results in a security error.
    The issue: /GS protects arrays ONLY; you can also exploit BOs that are not
    on the stack.

    2. ASLR - changes the mapping of DLLs, stack, heap (randomness).
    Hardcoded address-based attack prevention technique. How do we pass ASLR?
    We take advantage of so-called heap spraying (suggested reading!)

    3. ASLR and DEP bypassing - usage of heap spraying; the exploit jumps to
    existing DEP-disable code, and the payload is executed.

    If you have any doubts, please feel free to contact me at:
    sapheal<at>hack<dot>pl.


    Hope I helped,


    Michal Bucko

    sapheal.hack.pl
    HACKPL Security Labs

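    The canary mechanism in point 1 and its caveat (the cookie guards only the stack frame, not objects elsewhere) can be made concrete with a small simulation. The following is an added example, not code from the thread or from HACKPL: the "frame" is an ordinary C struct laid out the way the post describes (local buffer, then the /GS cookie, then the saved frame pointer / return address), the copy is confined to that struct, nothing is executed from data, and the cookie value, the return address and the 'A'-filled inputs are constructed values.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16

/* Simulated stack frame, laid out as the post describes: local buffer first,
 * then the /GS cookie, then the saved frame pointer / return address.
 * sizeof(sim_frame) is 32 with no padding. */
typedef struct {
    uint8_t  buffer[BUF_SIZE];
    uint64_t cookie;
    uint64_t saved_ret;
} sim_frame;

/* Constructed cookie value. A real /GS cookie is chosen at random per process. */
static const uint64_t SECURITY_COOKIE = 0x7f1e2d3c4b5a6978ULL;

/* Prologue: zero the locals and place the cookie below the return address. */
static void prologue(sim_frame *f, uint64_t return_address) {
    memset(f->buffer, 0, BUF_SIZE);
    f->cookie    = SECURITY_COOKIE;
    f->saved_ret = return_address;
}

/* A strcpy()-style copy with no bounds check, confined to the simulated
 * frame: bytes beyond BUF_SIZE spill into cookie and then saved_ret. */
static void unchecked_copy(sim_frame *f, const uint8_t *src, size_t len) {
    if (len > sizeof *f) len = sizeof *f;      /* keep the simulation itself in bounds */
    memcpy((uint8_t *)f, src, len);
}

/* Epilogue: compare the cookie before trusting saved_ret. Returns 1 when the
 * frame is intact, 0 where the /GS check would have aborted the process. */
static int epilogue_check(const sim_frame *f) {
    return f->cookie == SECURITY_COOKIE;
}

/* Runs one simulated call. Returns 1 if the callee "returns" normally
 * (cookie intact), 0 if the overflow was detected. *ret_seen receives the
 * return address the epilogue would have used, for inspection. */
int simulate_call(const uint8_t *input, size_t len, uint64_t *ret_seen) {
    sim_frame f;
    prologue(&f, 0x401000ULL);                 /* constructed return address */
    unchecked_copy(&f, input, len);
    if (ret_seen) *ret_seen = f.saved_ret;
    return epilogue_check(&f);
}

/* The caveat in the post: the cookie guards only the stack frame. An overrun
 * from one "heap" object into its neighbour never touches it, so the frame
 * check passes even though memory was corrupted. Returns 1 when the neighbour
 * was corrupted AND the cookie check still passed, 0 otherwise. */
int simulate_heap_overflow(size_t len) {
    struct { uint8_t a[BUF_SIZE]; uint8_t b[BUF_SIZE]; } heap; /* two adjacent objects */
    uint8_t src[2 * BUF_SIZE];
    sim_frame f;
    memset(&heap, 0, sizeof heap);
    memset(src, 'A', sizeof src);
    if (len > sizeof heap) len = sizeof heap;
    memcpy((uint8_t *)&heap, src, len);        /* overruns a into b when len > BUF_SIZE */
    prologue(&f, 0x401000ULL);                 /* frame is untouched by the heap overrun */
    return (heap.b[0] == 'A') && epilogue_check(&f);
}

/* Convenience cases: an input that fits, and one that runs over the cookie. */
int demo_fits(void)  { uint8_t in[8];  memset(in, 'A', sizeof in); return simulate_call(in, sizeof in, NULL); }
int demo_smash(void) { uint8_t in[32]; memset(in, 'A', sizeof in); return simulate_call(in, sizeof in, NULL); }

int main(void) {
    uint8_t big[32];
    uint64_t ret = 0;
    memset(big, 'A', sizeof big);
    printf("8-byte input:  frame intact = %d\n", demo_fits());
    printf("32-byte input: frame intact = %d, saved_ret now 0x%llx\n",
           simulate_call(big, sizeof big, &ret), (unsigned long long)ret);
    printf("heap overrun corrupted neighbour yet passed cookie check: %d\n",
           simulate_heap_overflow(32));
    return 0;
}
```

    The second print shows why the epilogue check matters: once the copy runs past the cookie, `saved_ret` is already overwritten, and the only thing standing between that value and the processor's `ret` is the comparison in `epilogue_check`. The third print is the post's caveat in miniature: the frame's cookie cannot see an overrun that happens between two other objects.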

  3.    15 May 2007 #3
    Michal Bucko Guest

    Re: Stack smashing/buffer overflow research


    By the way, I assumed that you already know what SEH overwrite technique is
    ;-)


    mb


  4.    25 May 2007 #4
    Michal Bucko Guest

    Re: Stack smashing/buffer overflow research


    By the way, lately I posted a short article about the exploitation
    techniques
    under Windows. You might be interested:
    http://sapheal.hack.pl/arts/Introduc...ploitation.pdf

    The article isn't, however, even giving an overall view of the subject -
    it is more like a bunch of thoughts and notes made in a rush ;-)

    Hope I could help,

    Michal


