> > Here's self-exploiting code to discover its own return address offset > and exploit itself. It'll lend some insight into how this stuff works. > > Just a toy. >
While I understand the point here, doesn't it become a moot point if: a) the stack is reinitialized randomly on each execution and b) you have to execute that code from within the address space in order to get the address of itself, therefore if you could already execute code, then you don't really need the address and if you did wouldnt it be much easier to do a (ia32) movl %esp pushl %esp ? The point is to stop the code execution in the first place by randomizing the addresses and making it hard to guess the offset, there are a ton of ways to write code that can find the stack pointer or find itself, however if you cannot execute that code then it becomes a moot point. Of course I am not refering to causing loops and such in .text code to brute force addresses. cheers, jnf - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
