> -----Original Message-----
> From: David Litchfield [mailto:david (at) ngssoftware (dot) com [email concealed]]
> Sent: Tuesday, February 04, 2003 12:09 AM
> To: bugtraq (at) securityfocus (dot) com [email concealed]; ntbugtraq (at) listserv.ntbugtraq (dot) com [email concealed];
> vulnwatch (at) vulnwatch (dot) org [email concealed]
> Subject: Preventing exploitation with rebasing
>
> So how easy is it to rebase DLLs and executables? Very. Microsoft have
> provided a function to do this, ReBaseImage(), exported by
> imagehlp.dll. If
> you rebase an image the new base must be on a 64K boundary -
> i.e. if the
> image base mod 64000 !=0 the base is not valid.
>
There is a tool called "ReBase" shipped with Visual C++ and Visual C++.NET.
> -----Original Message-----
> From: David Litchfield [mailto:david (at) ngssoftware (dot) com [email concealed]]
> Sent: Tuesday, February 04, 2003 12:09 AM
> To: bugtraq (at) securityfocus (dot) com [email concealed]; ntbugtraq (at) listserv.ntbugtraq (dot) com [email concealed];
> vulnwatch (at) vulnwatch (dot) org [email concealed]
> Subject: Preventing exploitation with rebasing
>
> So how easy is it to rebase DLLs and executables? Very. Microsoft have
> provided a function to do this, ReBaseImage(), exported by
> imagehlp.dll. If
> you rebase an image the new base must be on a 64K boundary -
> i.e. if the
> image base mod 64000 !=0 the base is not valid.
>
There is a tool called "ReBase" shipped with Visual C++ and Visual C++.NET.
<http://msdn.microsoft.com/library/default.asp?url=/library/en-us/tools/
perf
util_2z39.asp>
<quote>
Rebase is a command-line tool that you can use to specify the base addresses
for the DLLs that your application uses.
</quote>
<quote>
Alternatively, you can use the ReBaseImage function.
</quote>
[ reply ]