
List:       vuln-dev
Subject:    Re: Some help With BOF Exploits Writing. - EAX ?!
From:       DownBload <downbload () hotmail ! com>
Date:       2003-07-31 22:09:08

In-Reply-To: <51780.193.126.243.84.1059697287.squirrel@psyfreakz.org>

In a classic buffer overflow, if the vulnerable application just calls (e.g.) 
strcpy(), the eip and ebp registers are pushed on the stack, so we can't overflow 
eax, because it is not on the stack. It would be different if pushl %eax is 
used before the overflow and, after the overflow, %eax is used in something like 
call *%eax.
On the heap the same thing would happen if eax in a jmp_buf structure (on the heap, 
used for setjmp() and longjmp()) is overflowed with some address and 
after longjmp() something like call *%eax is used.
There are a million possibilities. 

www.google.com -> linux memory management

Regards,
DownBload / Illegal Instruction Labs


>Hi all,
>
>I've a doubt... can you run arbitrary code... by overflowing a buffer that
>overflows EAX only?! ..
>I've a little doubt about bofs... but if I overflow the buffer and set the
>correct ret address of a shellcode in the EAX... will it work?.. 'cause
>I'm having troubles in running arbitrary code.. :|
>
>The truth is that I don't understand much of MEMORY in Linux x86.. I know
>the basics..
>
>PS - any good books/tutorials about Linux (x86) memory.. and what all the
>pointers (eax, ebp, eip, etc.. etc..) really do.. and what they are there for
>?!
>
>Thanks in advance!
>-- 
>PsyFreakZ.Org - Owning The Psy ScenE!
>
>
>
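As an added, constructed example that is not part of this thread (neither poster's code): the C program below makes the reply's layout argument observable without writing past any buffer. It assumes GCC or clang (for `__attribute__((noinline))` and `__builtin_return_address`) and a downward-growing stack such as x86/x86-64 or ARM. `probe_frame()` reports where a callee's local buffer sits relative to its caller's frame; on such targets the saved ebp and the return address (eip) lie between those two points, which is why an unbounded strcpy() into the buffer reaches them while a CPU register such as eax, which has no stack slot unless the code itself pushed it, is untouched. `bounded_copy()` is the length check the vulnerable call lacks.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Layout facts gathered from a real call frame (all values are what the
 * running program observes; nothing here writes past any buffer). */
struct frame_info {
    uintptr_t buf_addr;     /* address of the callee's local buffer       */
    uintptr_t caller_addr;  /* address of a local in the caller's frame   */
    uintptr_t ret_addr;     /* the return address the callee will jump to */
};

/* noinline keeps probe_frame in its own frame so the layout is observable. */
__attribute__((noinline))
static struct frame_info probe_frame(uintptr_t caller_local_addr)
{
    volatile char buf[16];              /* the kind of buffer strcpy() would fill */
    struct frame_info fi;

    buf[0] = '\0';
    fi.buf_addr = (uintptr_t)buf;
    fi.caller_addr = caller_local_addr;
    fi.ret_addr = (uintptr_t)__builtin_return_address(0);
    return fi;
}

/* Returns 1 when the callee's buffer lies below the caller's frame. On x86
 * the saved ebp and the return address (eip) sit between those two points,
 * so an unbounded write past the end of buf runs over them. A register
 * such as eax has no slot here unless the code itself pushed it. */
int buffer_below_caller_frame(void)
{
    int marker = 0;                     /* a local in this (caller) frame */
    struct frame_info fi = probe_frame((uintptr_t)&marker);
    return fi.buf_addr < fi.caller_addr;
}

/* The length check a bare strcpy() lacks: reject input that does not fit
 * rather than let it run past dst into the saved registers. */
int bounded_copy(char *dst, size_t dst_size, const char *src)
{
    size_t n = strlen(src);
    if (dst_size == 0 || n >= dst_size)
        return -1;                      /* would overrun: refuse the copy */
    memcpy(dst, src, n + 1);            /* n + 1 includes the terminator */
    return 0;
}

/* Runs bounded_copy() into a 16-byte local, the same size as buf above. */
int bounded_copy_demo(const char *src)
{
    char dst[16];
    return bounded_copy(dst, sizeof dst, src);
}

int main(void)
{
    int marker = 0;
    struct frame_info fi = probe_frame((uintptr_t)&marker);

    printf("callee buffer  at 0x%lx\n", (unsigned long)fi.buf_addr);
    printf("caller local   at 0x%lx\n", (unsigned long)fi.caller_addr);
    printf("return address is 0x%lx\n", (unsigned long)fi.ret_addr);
    printf("buffer below caller frame: %s\n",
           buffer_below_caller_frame() ? "yes" : "no");
    printf("bounded_copy(\"hello\") -> %d\n", bounded_copy_demo("hello"));
    printf("bounded_copy(30-byte string) -> %d\n",
           bounded_copy_demo("far too long for sixteen bytes"));
    return 0;
}
```

Compile with `gcc -O0 -o frame frame.c` and run it; the buffer address prints lower than the caller's local, with the return address value shown for reference. The comparison holds regardless of frame-pointer omission because it only relies on the callee frame being allocated below the caller's, and `bounded_copy()` rejects any source of 16 or more characters, the exact inputs that would overrun the 16-byte buffer.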
