In this section
we discuss an alternative patching strategy for situations in which you are required to continue
running a vulnerable application. The essence of this technique is to generate a
patch for the application that changes its characteristics just enough so that the application
is no longer vulnerable to the same "mass market" exploit that is developed to attack
every unpatched version of the application. In other words, the goal is to mutate or create
genetic diversity in the application such that it becomes resistant to standard strains of
malware that seek to infect it. It is important to note that the patching technique introduced
here makes no effort to actually correct the vulnerable condition; it simply aims to
modify a vulnerable application sufficiently to make standard attacks fail against it.
Mutations Against Stack Overflows
In Chapter 7, you learned about the causes of stack overflows and how to exploit them.
In this section, we discuss simple changes to a binary that can cause an attacker's working
exploit to fail. Recall that the space for stack-allocated local variables is allocated
during a function prologue by adjusting the stack pointer upon entry to that function.
The following shows the C source for a function badCode, along with the x86 prologue
code that might be generated for badCode.
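As an added illustration (not the book's badCode listing), the C model below shows why an exploit tuned to one frame layout stops working once the size of the local-variable area changes. It assumes the mutation enlarges that area and that the overflowed buffer starts at its lowest address; all sizes and addresses are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed values for this model; none come from the book. */
#define ORIG_RET  0x08048123u  /* legitimate saved return address */
#define EVIL_RET  0x41414141u  /* value the fixed exploit tries to plant */
#define MAX_FRAME 4096

enum outcome { RET_INTACT, RET_HIJACKED, RET_CORRUPTED, MODEL_ERROR };

/* Payload tuned for a frame with `tuned` bytes of locals: filler over the
 * locals and saved EBP, then the planted return address. */
static size_t build_payload(uint8_t *out, size_t tuned) {
    uint32_t evil = EVIL_RET;
    memset(out, 'B', tuned + 4);
    memcpy(out + tuned + 4, &evil, 4);
    return tuned + 8;
}

/* Model frame, low to high address: [locals][saved EBP][return address].
 * Assumption: the overflowed buffer begins at the lowest local address. */
static enum outcome overflow(size_t locals, const uint8_t *payload, size_t len) {
    uint8_t frame[MAX_FRAME] = {0};
    uint32_t ret = ORIG_RET;
    memcpy(frame + locals + 4, &ret, 4);   /* saved return address */
    if (len > MAX_FRAME) len = MAX_FRAME;  /* stay inside the model */
    memcpy(frame, payload, len);           /* the unbounded copy */
    memcpy(&ret, frame + locals + 4, 4);   /* value the function returns to */
    if (ret == ORIG_RET) return RET_INTACT;
    return ret == EVIL_RET ? RET_HIJACKED : RET_CORRUPTED;
}

/* Run the exploit tuned for `tuned` bytes against a frame of `actual` bytes. */
static enum outcome run_fixed_exploit(size_t tuned, size_t actual) {
    uint8_t payload[MAX_FRAME];
    if (tuned + 8 > MAX_FRAME || actual + 8 > MAX_FRAME) return MODEL_ERROR;
    return overflow(actual, payload, build_payload(payload, tuned));
}

int main(void) {
    static const char *names[] = {"intact", "hijacked", "corrupted", "error"};
    size_t sizes[] = {1024, 1026, 1028, 1048};  /* unpatched, then mutated */
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("locals=%zu -> return address %s\n", sizes[i],
               names[run_fixed_exploit(1024, sizes[i])]);
    return 0;
}
```

An "intact" result holds only for this fixed payload: the overflow is still present, saved EBP is still overwritten, and a partially shifted frame ends in a corrupted return address, which in practice means a crash.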