Dailydave mailing list archives
Re: Strcpy
From: "Dave Korn" <dave.korn () artimi com>
Date: Thu, 10 Aug 2006 19:06:28 +0100
On 10 August 2006 17:56, Danett song wrote:
Hey, I don't have any idea what you are speaking about... the title says strcpy(), in the body you say wcscpy() and a new way to worms, a technique to bypass most new Windows protection... what is this? A new method of exploitation? Or a specific vulnerability? Some link?
At a guess, I'd reckon it was a return-to-libc technique to work around NX stack space. The advantage of returning to wcscpy over strcpy is that you can copy data around even if it has intermittent zero bytes in it.

cheers,
DaveK
--
Can't think of a witty .sigline today....

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave
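The terminator difference described in the reply above, as an added example that is not part of the original post: bounded models of the two copy loops run over a constructed buffer. It assumes a 16-bit wchar_t as on Windows, modelled with byte pairs so it runs anywhere; the function names copy_narrow and copy_wide16 are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample data, not taken from the thread.
 * Isolated zero bytes at offsets 2, 5 and 6; the only 16-bit unit
 * that is entirely zero is the last one (offsets 10-11). */
static const unsigned char SAMPLE[] = {
    0x41, 0x42, 0x00, 0x43,
    0x44, 0x00, 0x00, 0x46,  /* adjacent zeros, but in different units */
    0x47, 0x48, 0x00, 0x00   /* aligned 16-bit terminator */
};

/* Model of a strcpy-style loop: stops after copying the first zero byte.
 * Bounded by cap and len so the model itself cannot overrun. */
size_t copy_narrow(unsigned char *dst, size_t cap,
                   const unsigned char *src, size_t len)
{
    size_t n = 0;
    while (n < cap && n < len) {
        dst[n] = src[n];
        if (src[n++] == 0x00)
            break;
    }
    return n;                /* bytes written, terminator included */
}

/* Model of a wcscpy-style loop with 16-bit units (assumption: Windows
 * wchar_t width): stops only after a unit whose two bytes are both zero. */
size_t copy_wide16(unsigned char *dst, size_t cap,
                   const unsigned char *src, size_t len)
{
    size_t n = 0;
    while (n + 2 <= cap && n + 2 <= len) {
        dst[n] = src[n];
        dst[n + 1] = src[n + 1];
        n += 2;
        if (src[n - 2] == 0x00 && src[n - 1] == 0x00)
            break;
    }
    return n;                /* bytes written, terminator included */
}

int main(void)
{
    unsigned char out[sizeof SAMPLE];
    printf("byte-terminated: %zu of %zu bytes\n",
           copy_narrow(out, sizeof out, SAMPLE, sizeof SAMPLE), sizeof SAMPLE);
    printf("16-bit-terminated: %zu of %zu bytes\n",
           copy_wide16(out, sizeof out, SAMPLE, sizeof SAMPLE), sizeof SAMPLE);
    return 0;
}
```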