Adrian S <hotelectronat_private> wrote: > Is it possible to determine the source address of the system call to check > if it is proper from a list of legal addresses (legal process space etc) ? If your question was: "Is it possible to determine in kernel mode the value of userland instruction pointer at the moment of executing a system call" then in case of Linux it is. I think it is true on every sane OS. What are you trying to achieve ? If a protection against executing shellcode, then be aware that in case of return-into-libc exploits the rogue code executes within library/executable image, not within stack/heap. peace, Algo
This archive was generated by hypermail 2b30 : Fri Mar 21 2003 - 14:56:11 PST