Full Disclosure mailing list archives
Re: ShortNotes : Stack Smashing with GCC4
From: "Chris Rohlf" <chris.rohlf () gmail com>
Date: Fri, 20 Apr 2007 14:58:34 -0400
Your section:
** [ iv. call %edx ] **
Was also covered here some time ago. http://www.milw0rm.com/papers/70

(I am only running gcc 4.0.3)

In main() %edx is pointing to the start of your environment variables, not the stack. If you were to call another function from main() it would probably no longer point there. So maybe this technique works for vulnerabilities in programs parsing command line arguments in main() but it's very limited in its use.

chris
--
http://em386.blogspot.com