Re: Some help With BOF Exploits Writing. - EAX ?!

From: DownBload (downbloadat_private)
Date: Thu Jul 31 2003 - 15:09:08 PDT


    
     ('binary' encoding is not supported, stored as-is)
    In-Reply-To: <51780.193.126.243.84.1059697287.squirrelat_private>
    
    In a classic buffer overflow, if the vulnerable application just calls (e.g.)
    strcpy(), what is pushed on the stack is the eip and ebp registers, so we can't
    overflow eax, because it is not on the stack. Something different would be if
    pushl %eax is used before the overflow and after the overflow %eax is used like
    call *%eax.
    On the heap the same thing would happen if eax in a jmp_buf structure (on the
    heap, used for setjmp() and longjmp()) is overflowed with some address and
    after longjmp() something like call *%eax is used.
    There are a million possibilities.
    
    www.google.com -> linux memory management
    
    Regards,
    DownBload / Illegal Instruction Labs
    
    
    >Hi all,
    >
    >I've a doubt... can you run arbitrary code... by overflowing a buffer that
    >overflows EAX only?! ..
    >I've a little doubt about bofs... but if I overflow the buffer and set the
    >correct ret address of a shellcode in the EAX... will it work?.. because
    >I'm having troubles in running arbitrary code.. :|
    >
    >The truth is that I don't understand much of MEMORY in Linux x86.. I know
    >the basics..
    >
    >PS - any good books/tutorials about Linux (x86) memory.. and how all the
    >pointers (eax, ebp, eip, etc.. etc..) really work.. and what they are there
    >for?!
    >
    >Thanks in advance!
    >-- 
    >PsyFreakZ.Org - Owning The Psy ScenE!
    >
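An added illustration (not part of DownBload's or the original poster's mail) that models the point made above: a constructed i386 stack frame laid out as buf, saved ebp, saved eip, plus a copy of eax that the caller pushed, while the live eax register sits in a separate variable that no memory write can reach. All offsets and the sample register values are constructed for the model; the bounded copy at the end is the check that keeps the saved ebp/eip slots intact.

```c
#include <stdint.h>
#include <string.h>

/* Constructed model of one i386 stack frame, lowest address first:
 *   [buf: 16 bytes][saved ebp: 4][saved eip: 4][eax pushed by caller: 4]
 * The live eax register is modelled separately: it is not in memory, so no
 * overflow can reach it; only a copy the caller pushed can be clobbered. */
#define BUF_SZ         16
#define OFF_EBP        (BUF_SZ)
#define OFF_EIP        (BUF_SZ + 4)
#define OFF_PUSHED_EAX (BUF_SZ + 8)
#define FRAME_SZ       (BUF_SZ + 12)

typedef struct {
    unsigned char frame[FRAME_SZ];
    uint32_t eax;              /* register file, never written by copies */
} cpu_model;

/* Read one 4-byte little-endian slot of the frame. */
static uint32_t slot(const cpu_model *m, int off) {
    uint32_t v;
    memcpy(&v, m->frame + off, 4);
    return v;
}

/* Fill the frame with constructed sample values (not real addresses). */
static void init_model(cpu_model *m) {
    uint32_t ebp = 0xbffff000u, eip = 0x08048400u, eax = 0x11111111u;
    memset(m->frame, 0, sizeof m->frame);
    memcpy(m->frame + OFF_EBP, &ebp, 4);
    memcpy(m->frame + OFF_EIP, &eip, 4);
    memcpy(m->frame + OFF_PUSHED_EAX, &eax, 4);
    m->eax = eax;
}

/* strcpy()-style copy into buf: no length check, stops only at the NUL
 * (capped at the model's frame size so the model itself stays defined). */
static size_t unbounded_copy(cpu_model *m, const char *src) {
    size_t i = 0;
    while (src[i] && i < FRAME_SZ) { m->frame[i] = (unsigned char)src[i]; i++; }
    return i;
}

/* The fix: refuse any input that does not fit in buf together with its NUL. */
static int bounded_copy(cpu_model *m, const char *src) {
    size_t n = strlen(src);
    if (n >= BUF_SZ) return -1;
    memcpy(m->frame, src, n + 1);
    return 0;
}
```

After the unbounded copy of an over-long string, saved ebp, saved eip and the pushed eax copy all read back as the copied bytes while the register variable is unchanged; the bounded copy rejects the same input and leaves every slot as initialised.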
    



    This archive was generated by hypermail 2b30 : Thu Jul 31 2003 - 15:16:46 PDT