Instruction   Hex    ASCII
inc eax       0x40   @
inc ebx       0x43   C
inc ecx       0x41   A
inc edx       0x42   B
dec eax       0x48   H
dec ebx       0x4B   K
dec ecx       0x49   I
dec edx       0x4A   J
Since we zero out these registers before we use them, we can safely use a
random combination of these bytes for the NOP sled. Creating a new exploit
tool that uses random combinations of the bytes @, C, A, B, H, K, I, and J instead
of a regular NOP sled will be left as an exercise for the reader. The easiest
way to do this would be by writing a sled-generation program in C, which is
used with a BASH script. This modification will hide the exploit buffer from
IDSes that look for a NOP sled.
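Seen from the detection side, a signature that matches only runs of 0x90 misses such a buffer, while a check for runs drawn from the whole set of sled-equivalent bytes still finds it. The following is an added example, not code from the original text; the sample request, the benign string, and the function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample: 40 bytes drawn from @ C A B H K I J inside a request. */
static const unsigned char SAMPLE[] = "GET /item?id="
    "ACBH@KIJ" "JIK@HBCA" "BHAKC@JI" "KJ@IABHC" "HCIBJAK@" " HTTP/1.0";
/* Constructed benign text: "BACK" is a legitimate 4-byte run. */
static const unsigned char BENIGN[] = "BACK TO BASICS";
#define SAMPLE_LEN (sizeof SAMPLE - 1)
#define BENIGN_LEN (sizeof BENIGN - 1)

/* 1 for 0x90 (NOP) or the single-byte inc/dec opcodes 0x40-0x43, 0x48-0x4B. */
static int is_sled_byte(unsigned char b)
{
    return b == 0x90 || (b >= 0x40 && b <= 0x43) || (b >= 0x48 && b <= 0x4B);
}

/* Longest run of 0x90 bytes: all that a NOP-only signature can see. */
size_t longest_nop_run(const unsigned char *buf, size_t len)
{
    size_t best = 0, run = 0;
    for (size_t i = 0; i < len; i++) {
        run = (buf[i] == 0x90) ? run + 1 : 0;
        if (run > best) best = run;
    }
    return best;
}

/* Longest run of sled-equivalent bytes; *start receives its offset. */
size_t longest_sled_run(const unsigned char *buf, size_t len, size_t *start)
{
    size_t best = 0, run = 0;
    *start = 0;
    for (size_t i = 0; i < len; i++) {
        run = is_sled_byte(buf[i]) ? run + 1 : 0;
        if (run > best) { best = run; *start = i + 1 - run; }
    }
    return best;
}

int main(void)
{
    size_t off, n = longest_sled_run(SAMPLE, SAMPLE_LEN, &off);
    printf("NOP-only run: %zu, sled-set run: %zu at offset %zu\n",
           longest_nop_run(SAMPLE, SAMPLE_LEN), n, off);
    n = longest_sled_run(BENIGN, BENIGN_LEN, &off);
    printf("benign text run: %zu (alert threshold must sit well above this)\n", n);
    return 0;
}
```

Because all eight bytes are printable ASCII, ordinary uppercase text produces short runs of its own, so an alert threshold has to be long enough to exclude words like "BACK".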
0x690 Buffer Restrictions
Sometimes a program will place certain restrictions on buffers. This type of
data sanity-checking can prevent many vulnerabilities. Consider the following
example program, which is used to update product descriptions in a fictitious
database. The first argument is the product code, and the second is the
updated description. This program doesn't actually update a database, but it
does have an obvious vulnerability in it.
update_info.c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_ID_LEN 40
#define MAX_DESC_LEN 500

/* Barf a message and exit. */
void barf(char *message, void *extra) {
   printf(message, extra);
   exit(1);
}

/* Pretend this function updates a product description in a database. */
void update_product_description(char *id, char *desc)
{
   char product_code[5], description[MAX_DESC_LEN];

   printf("[DEBUG]: description is at %p\n", description);