Buffer overflow attacks bypassing DEP (NX/XD bits) - part 1 : Simple Call

Premise

All you read here (and its sequel posts) is just a concrete implementation of many proposed ways to exploit buffer overflows to execute arbitrary code; in particular this post will focus on bypassing the DEP (Data Execution Prevention) which uses the NX bit on AMD chips and XD bit on Intel chips to prevent code execution from data segments (NX and XD are, as far as I know, the same bit with two different names so that Intel’s pride was satisfied - just like amd64 techology is also called x86-64, x64, aa64 and em64t - wasn’t a name enough ? :|) .

The DEP is really a needed feature which was incredibly missing from x86 (ia32 ;)) processors. It is a good protection which effectively makes harder to write exploits for unchecked buffers bugs. However it doesn’t make them impossible - it just makes them slightly harder to do.

If this post (and its sequels) strikes you down in fear, then remember to update all your applications to the latest versions and check them consistently for bugfixes repairing buffer overflows, and if you are a programmer, triple check your code to look for these bugs.

Please, note also that nothing in these posts is an original idea, since these methods are discussed in theory in many sites around the internet. What was missing was a proof of concept of those exploits, which you can find here.

Read more

← Previous Page

• Recently Written

  • New gmail iGoogle gadget bugged!
  • OpenSUSE 11.0 - Nurnberg down.
  • Repair broken xfce after theme selection
  • The Design of Everyday Things
  • ScummVM DS Patches - version 4
  • Current.com uses my photo of olympic torch
  • ScummVM DS Patches - version 3
  • …
  • Last.fm radio!
  • A little better MeasureString…

• Categories

  • Funny (maybe)
  • Gaming
  • Geeky side of life
  • Linux
  • Programming
    • .NET
    • C++
    • Code Snippets
    • Win32
    • x86/64 (amd64) specific
    • x86/ia32 specific
  • Rants
  • Security
  • Software releases
  • Sport Events
  • Uncategorized
  • Usability

• Archives

  • October 2008
  • September 2008
  • July 2008
  • June 2008
  • April 2008
  • March 2008
  • January 2008
  • December 2007
  • November 2007
  • August 2007
  • March 2007
  • February 2007
  • November 2006
  • October 2006
  • September 2006
  • August 2006
  • July 2006
  • May 2006
  • March 2006
  • February 2006
  • January 2006
  • December 2005
  • November 2005
  • October 2005
  • September 2005
  • August 2005
  • July 2005
  • June 2005
  • May 2005

• Admin

  • Login
  • WordPress
  • XHTML

• 
  

• About

  A blog about whatever gets on my computer or any other programmable device I own. From Linux to .NET.

• Social Networking

 


www.flickr.com

This is a Flickr badge showing public photos from Marco Mastropaolo. Make your own badge here.

• Blogroll

  • Ale+Ale - … Ale+Ale!
  • Blog di Paolone (it) - (Italian) Il blog di un amico :)
  • Bruce Eckel’s Free Electronic Books - Free Thinking in Java, C++, Patterns books. A must!
  • Code Project - Free code snippets for Windows
  • Dilbert - Where everyday work becomes comics
  • Eriadan (it) - (Italian) IL blog a fumetti
  • Freshmeat - Free (as in freedom) software for *nix systems
  • Full Frontal Nerdity - A comic for nerds and alikes
  • gotAPI - Language manuals and guides
  • IlTucci (it) - Blog di un caro amico!
  • Larry Osterman - Techblog of an experienced Microsoft developer
  • Lightforce Games (Flash&JS)
  • my del.icio.us page - my del.icio.us page
  • Online virus scanning - Online virus scanning
  • Order of the Stick - Best D&D Comic EVER!
  • pinvoke.net - Wiki for P/INVOKE from .NET languages (C#, VB.NET)
  • Programmers Heaven - Free programming resources
  • ScriptSpot (3dsmax) - Free scripts for 3ds max
  • Sourceforge - The biggest free (as in freedom) software library
  • SpamUsement - Great site, where everyday spam becomes funny comics :)
  • Sudoku di Repubblica (it) - Il sudoku di Repubblica! :)
  • Tom’s Bug Blog - Brain teasers for programmers