While this may not prevent us from reaching the control structures we wish to corrupt, it does require us to be extremely careful when crafting our input. Figure 18-6 shows a simple stack layout in which variables A–D are positioned between a vulnerable buffer and the return address that we wish to control.

Crafting an input buffer in this case must take into account whether and how any of these variables are used by the program, and whether the program might terminate abnormally if any of these values is corrupted. Similarly, region E in Figure 18-6 contains any arguments passed in to the function; these pose the same potential corruption problems as local variables A–D. As a general rule, when overwriting variables is unavoidable, you should attempt to overwrite them with the same values those variables held at the time of the overflow, or with otherwise valid values. This maximizes the chances that the program will continue to function properly up to the point at which the exploit is triggered. If we determine that the program will modify the contents of any locations within our overflowed region, we must make sure that we do not place any shellcode in those areas.
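The layout in Figure 18-6 is easiest to reason about from the defender's side: the reason locals A–D and the arguments in region E are reachable at all is that the copy into the buffer is unbounded. The following C program is an added example, not code from the book, showing a hypothetical function in its vulnerable form beside a hardened form that measures and rejects oversize input before copying. The function names, the buffer size and the test inputs are constructed for illustration; whether a given compiler really places a scalar local above the buffer as the figure shows depends on the compiler and its flags.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BUF_SIZE 32   /* constructed example size */

/* Vulnerable form, kept only for comparison and never called in this
 * program. The copy is unbounded, so input longer than buf runs over
 * whatever the compiler placed beyond it: other locals (the A-D of the
 * figure), saved registers, the return address and the caller's
 * arguments (region E). Here out_len is a local the function relies on
 * after the copy; if it sits above buf it is corrupted before use. */
int process_record_unsafe(const char *input)
{
    char buf[BUF_SIZE];
    int  out_len = (int)strlen(input);
    strcpy(buf, input);          /* no length check */
    return out_len;
}

/* Hardened form: look for the terminator only within BUF_SIZE bytes,
 * reject anything that would not fit, and copy only afterwards. No
 * input can reach the adjacent locals or the return address.
 * Returns the length consumed, or -1 when the input is rejected. */
int process_record_safe(const char *input)
{
    char        buf[BUF_SIZE];
    const char *nul = memchr(input, '\0', BUF_SIZE);  /* bounded scan */
    if (nul == NULL)
        return -1;                /* no terminator within the buffer: reject */
    size_t len = (size_t)(nul - input);
    memcpy(buf, input, len);
    buf[len] = '\0';
    return (int)len;
}

/* Helper: feed a constructed input of n 'A' bytes to the safe version
 * and report its result (-2 only if allocation fails). */
int safe_result_for_length(size_t n)
{
    char *p = malloc(n + 1);
    if (p == NULL)
        return -2;
    memset(p, 'A', n);
    p[n] = '\0';
    int r = process_record_safe(p);
    free(p);
    return r;
}

int main(void)
{
    size_t sizes[] = { 8, 31, 32, 64 };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("input of %2zu bytes -> %d\n", sizes[i], safe_result_for_length(sizes[i]));
    return 0;
}
```

The hardened version accepts 31 bytes (the largest string that fits with its terminator) and rejects 32 or more. Modern compilers add a second line of defence that the figure does not show: with stack protection enabled they place a canary between the locals and the return address and move character arrays above scalar locals, so an overflow hits the canary rather than variables like A–D; the bounds check above is what prevents the overflow in the first place.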
Self-Destructive Shellcode
Another situation that must be avoided arises when shellcode inadvertently modifies itself, which generally causes the shellcode to crash.