Instead, gdb's examine
facility is used to dump memory contents as assembly language instructions. Further
study of the code can then be performed to understand exactly what it actually does.
Gray Hat Hacking: The Ethical Hacker's Handbook
Kernel Space Shellcode
User space programs are not the only type of code that contains vulnerabilities. Vulnerabilities
are also present in operating system kernels and their components, such as
device drivers. The fact that these vulnerabilities are present within the relatively protected
environment of the kernel does not make them immune from exploitation. It has
been primarily due to the lack of information on how to create shellcode to run within
the kernel that working exploits for kernel level vulnerabilities have been relatively
scarce. This is particularly true regarding the Windows kernel; little documentation on
the inner workings of the Windows kernel exists outside of the Microsoft campus.
Recently, however, there has been an increasing amount of interest in kernel level
exploits as a means of gaining complete control of a computer in a nearly undetectable
manner. This increased interest is due in large part to the fact that the information
required to develop kernel level shellcode is slowly becoming public.