Re: Getting passwords from the heap?

From: ian (cheekenat_private)
Date: Wed Jun 27 2001 - 17:12:14 PDT

Next message: ian: "Re: Valid characters on one o/s are invalid on another"

Previous message: Jason Spence: "Re: Getting passwords from the heap?"
In reply to: H D Moore: "Re: Getting passwords from the heap?"
Next in thread: Cabezon Aurélien [iSecureLabs]: "Source code of the Sadmin Worm"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

>  if anyone knows more about the
> exact workings of memory and page allocation under linux, windows, and other
> OS's I would be great if they shared...

windows 2000 (and probably NT) have a thread named "the zero page thread"
whose responsibility is to zero pages of memory before they are handed to
processes
via malloc and similar mechanisms. if memory serves me right, this is
a requirement for C2 compliance.

plus remember there's a difference between virtual vs physical memory.
if you're not getting pages with some other process' physical memory
backing them (which you shouldn't) you should only get stuff that's accessible
to your process anyways, i think ?

for much much much more detail than i can possibly summon
up after work, consult solomon and russinovich's "inside windows 2000"
the chapter on memory management internals,

ian

Next message: ian: "Re: Valid characters on one o/s are invalid on another"
Previous message: Jason Spence: "Re: Getting passwords from the heap?"
In reply to: H D Moore: "Re: Getting passwords from the heap?"
Next in thread: Cabezon Aurélien [iSecureLabs]: "Source code of the Sadmin Worm"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jun 28 2001 - 09:42:10 PDT