Re: overwriting .dtors using gcc 3

On Tue, 7 Oct 2003, DownBload wrote:

> Now we see .dynamic section between .data and .dtors section.  That
> section will be overflowed if we want to overflow .dtors, and that is
> not good.
> .dtors technique will still work for format string bugs, wild pointers
> etc.

You can try to solve this problem by setting LD_BIND_NOW=1 in the environment,
to force the dynamic linker to process all relocations before transferring
control to the program. See abo7-ex.c in:


Some other useful exploitation examples:



Marco Ivaldi
Antifork Research, Inc.   http://0xdeadbeef.info/
3B05 C9C5 A2DE C3D7 4233  0394 EF85 2008 DBFD B707