searching through the address space of a process

From: Franklin DeMatto (franklin.listsat_private)
Date: Sat Oct 13 2001 - 21:32:10 PDT

    Is there a way for a process (i.e., shellcode) to search through its 
    address space (looking for a particular string, etc.)?  I'm interested 
    particularly in doing this under Windows, although Unix would be nice 
    also.  Can this be done without using any API/syscalls, just in assembly alone?
    
    I can see two basic ways of doing it:
    1) Determining the address space, and then searching it
    2) Trying every block, but catching the gpf/segfault exceptions
    
    However, I do not know how to implement either one.
    
    Franklin
    
    Franklin DeMatto
    Senior Analyst, qDefense Penetration Testing
    http://qDefense.com
    qDefense: Making Security Accessible
    



    This archive was generated by hypermail 2b30 : Sun Oct 14 2001 - 09:47:41 PDT