Re: Overwriting the .dtors section with gcc 3

From: Jose Ronnick (matrixat_private)
Date: Tue Aug 26 2003 - 12:24:41 PDT

Next message: Redaktion-Kryptocrew: "[Full-Disclosure] Cross Site Scripting in Webbased Virusencyclopedia"

Previous message: Damieon Stark: "Oracle Patch Testing"
In reply to: Aviv: "Overwriting the .dtors section with gcc 3"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 24 Aug 2003 10:29:22 -0000
Aviv <avivdogat_private> wrote:

> 
> 
> Hello
> I've read the guide on the library here about overwriting .dtors [ 
> http://www.securityfocus.com/library/3245 ], but it doesn't work for me.
> I've tried with a few people who aren't new to this, but they couldn't 
> make it work on my box too.
> My only guess is that the guide was written for gcc2.* and I'm using gcc3
> Is this true?
> Is there a way around this?
> Thanks

You can still overwrite the .dtors section, but you can't do it with an overflow.  Try using a format string exploit to write to an arbitrary memory address.  Hope this helps.  >=D

-- 
%JOSE_RONNICK%50,:-dddd-0EEb-pVVyP\-1111-jjjj-yNNN-_4HUP-qq0q-02%r-_Z%JP-%Iwp-5kyyP-n5nn-aTTa-1271P-4ttt-/888-3tSMP-bbnb-L8wL-kMwgP-3Hy3-rqzWP-m%m8-h4x--v%r5P-S7S7-g7g7-F2u2PPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPPP

application/pgp-signature attachment: stored

Next message: Redaktion-Kryptocrew: "[Full-Disclosure] Cross Site Scripting in Webbased Virusencyclopedia"
Previous message: Damieon Stark: "Oracle Patch Testing"
In reply to: Aviv: "Overwriting the .dtors section with gcc 3"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Aug 26 2003 - 13:44:18 PDT