Dailydave mailing list archives

Re: Strcpy

From: "Dave Korn" <dave.korn () artimi com>
Date: Thu, 10 Aug 2006 19:06:28 +0100

On 10 August 2006 17:56, Danett song wrote:

hey,

don't have idea about you are speaking... the title
say strcpy() in the body you say wcscpy() and a new
way to worms, a technique to bypass most new windows
protection... what is this? a new method of
exploitation? or a specific vulnerability? some link?


  At a guess, I'd reckon it was a return-to-libc technique to work around NX
stack space.  The advantage of returning to wcscpy over strcpy is that you can
copy data around even if it has intermittent zero bytes in it.

    cheers,
      DaveK
-- 
Can't think of a witty .sigline today....

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave

Current thread:

Strcpy Dave Aitel (Aug 10)
- Re: Strcpy Halvar Flake (Aug 10)
- Re: Strcpy Halvar Flake (Aug 10)
- Re: Strcpy Danett song (Aug 10)
  - Re: Strcpy Dave Korn (Aug 10)
  - Re: Strcpy H D Moore (Aug 10)
    - Re: Strcpy H D Moore (Aug 10)
    - Re: Strcpy (RPC exploits, IE exploits and more) Danett song (Aug 10)
    - Re: Strcpy (RPC exploits, IE exploits and more) Alexander Sotirov (Aug 10)
    - Re: Strcpy (RPC exploits, IE exploits and more) Danett song (Aug 15)