SecurityFocus

Preventing exploitation with rebasing Feb 04 2003 05:08AM
David Litchfield (david ngssoftware com) (7 replies)

Re: Preventing exploitation with rebasing Feb 05 2003 01:41PM
dullien gmx de (1 replies)

Re: Preventing exploitation with rebasing Feb 04 2003 10:52PM
David Litchfield (david ngssoftware com) (2 replies)

Re[2]: Preventing exploitation with rebasing Feb 05 2003 05:02PM
dullien gmx de

RE: Preventing exploitation with rebasing Feb 04 2003 09:47PM
Jason Coombs (jasonc science org)

RE: Preventing exploitation with rebasing Feb 04 2003 06:54PM
Riley Hassell (rhassell eeye com)

Re: Preventing exploitation with rebasing Feb 04 2003 02:00PM
sd hysteria sk (1 replies)

Re: Preventing exploitation with rebasing Feb 04 2003 11:20PM
David Litchfield (david ngssoftware com)

Re: Preventing exploitation with rebasing Feb 04 2003 02:00PM
Torbjörn Hovmark (torbjorn hovmark abtrusion com)

Re: Preventing exploitation with rebasing Feb 04 2003 11:38AM
Charlie Root (weedpower home ro) (4 replies)

Re: Preventing exploitation with rebasing Feb 06 2003 01:00AM
Deus, Attonbitus (Thor HammerofGod com)

Re: Preventing exploitation with rebasing Feb 05 2003 09:49PM
Alun Jones (alun texis com)

Re: Preventing exploitation with rebasing Feb 04 2003 08:08PM
Brian Hatch (bugtraq ifokr org) (2 replies)

Re: Preventing exploitation with rebasing Feb 04 2003 09:38PM
David S Goldberg (dsg mitre org)

Re: Preventing exploitation with rebasing Feb 04 2003 05:26PM
Alan DeKok (aland freeradius org) (2 replies)

Re: Can't Preventing exploitation with rebasing Feb 05 2003 10:06AM
bugtraq gaza halo nu (2 replies)

Re[2]: Can't Preventing exploitation with rebasing Feb 06 2003 07:14PM
dullien gmx de

Hey all,

bghn> DIGRESSION:
bghn> Dave Litchfield says you can call esp. I don't know Dave's
bghn> relationships with his registers but this doesn't work if I want
bghn> to get my eip on top of my shellcode. Always starts executing a
bghn> memory address for me. Maybe if I took esp out to dinner more
bghn> often then I could call it instead of having to jump on top of it.
bghn> Dave, any suggestions for the wine list?
bghn> END DIGRESSION.

Problem here is Intel ignoring it's own standards. The standard says
to first transfer control, then push the old EIP on the stack -- but
Intel CPU's since Pentium have done it the other way around, first
pushing EIP (and decreasing ESP), then setting EIP=ESP.

Cheers,
Thomas

[ reply ]

Observation on randomization/rebiasing... Feb 05 2003 09:10PM
Nicholas Weaver (nweaver CS berkeley edu) (1 replies)

RE: Observation on randomization/rebiasing... Feb 05 2003 10:07PM
Jason Coombs (jasonc science org)

Re: Preventing exploitation with rebasing Feb 05 2003 01:48AM
Crispin Cowan (crispin wirex com)

Re: Preventing exploitation with rebasing Feb 04 2003 06:38PM
David Litchfield (david ngssoftware com) (1 replies)

Re: [VulnDiscuss] Re: Preventing exploitation with rebasing Feb 05 2003 05:32PM
Halvar Flake (halvar gmx net)

Re: Preventing exploitation with rebasing Feb 04 2003 11:34AM
Eugene Tsyrklevich (eugene securityarchitects com)

Re: [VulnDiscuss] Preventing exploitation with rebasing Feb 03 2003 09:49PM
Michal Zalewski (lcamtuf coredump cx)