Guarded Memory Move

Description

The Guarded Memory Move (GMM) project comes in handy when you have to study buffer overflows and need to catch them together with a "good" stack image. Once a stack overflow has been exploited, the backtrace is already gone, along with the information about parameters and local variables that is of vital importance when trying to understand how the attacker is working the exploit.

The GMM library uses dynamic function call interception to catch the functions most commonly used by attackers to exploit stack buffers. It relies on the LD_PRELOAD capability and offers two services to the user. First, it prevents a buffer overflow from letting the attacker execute shellcode on your machine. Second, when an exploit is detected, the stack content is saved and a segmentation fault is triggered. The resulting core dump then has all the information needed to debug the exploit and fix the software.

Internally, the library inserts itself between the application and glibc and intercepts functions that might lead to buffer overflow exploits. Before calling the glibc core function, the GMM layer saves part of the stack frame above the caller to a temporary location in its own frame. It also stores the previous three return addresses in its local storage. When the core function returns, the GMM code samples the previously recorded return addresses again and, if they differ, restores the saved stack frame and issues a segmentation fault. The fault is raised with a clean stack frame, so that it can be inspected with a debugger.

Other solutions exist to detect buffer overflow exploits, for example StackGuard and StackShield, but they differ from GMM in many ways. They live as gcc patches and require you to rebuild your application to use them. The good side of this approach is that every single function is protected against buffer overflows. The bad side is also that every single function is protected against buffer overflows: that means a performance regression across the whole application, even if this is not really a huge problem when hunting for buffer overflows. Another solution similar to GMM is LibSafe, but it does not save and restore the stack frame, which makes it unusable for debugging.

But let's see how GMM differs from the solutions listed above. First of all, GMM works everywhere there are stack frames and the gcc and glibc duo. That means it is not limited to i386 only. And now the real reason for the GMM existence.

What's New in This Release:

· GCC's __builtin_return_address and __builtin_frame_address seem to return garbage instead of NULL at the last frame. This release fixes the problem.
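The save, compare and restore sequence from the Description, modelled in C as an added example; it is not GMM's source code. The stack is simulated with a byte array, and `sim_stack`, `sim_init`, `read_ret`, `guarded_memcpy`, the buffer size and the slot offsets are all assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>

#define NRET 3         /* the description says three return addresses are recorded */
#define STACK_SZ 256   /* assumed size of the simulated stack region */
#define BUF_LEN 64     /* assumed size of the local buffer at offset 0 */
/* Constructed model: mem[0..BUF_LEN) is the local buffer, and the saved
 * return addresses of the three enclosing frames sit above it. */
struct sim_stack { unsigned char mem[STACK_SZ]; size_t ret_off[NRET]; };

void sim_init(struct sim_stack *s) {
    memset(s->mem, 0, sizeof s->mem);
    for (int i = 0; i < NRET; i++) {
        uintptr_t ret = (uintptr_t)0x1000 + (uintptr_t)i;  /* constructed value */
        s->ret_off[i] = BUF_LEN + 8 + (size_t)i * 64;      /* 72, 136, 200 */
        memcpy(s->mem + s->ret_off[i], &ret, sizeof ret);
    }
}

uintptr_t read_ret(const struct sim_stack *s, int i) {
    uintptr_t v;
    memcpy(&v, s->mem + s->ret_off[i], sizeof v);
    return v;
}

/* Returns 0 when the return addresses survive the copy, -1 when one changed
 * (the point where the description says a segmentation fault is issued). */
int guarded_memcpy(struct sim_stack *s, const void *src, size_t n) {
    unsigned char saved[STACK_SZ - BUF_LEN];
    uintptr_t before[NRET];
    int changed = 0;
    if (n > STACK_SZ) n = STACK_SZ;                  /* keep the model in bounds */
    memcpy(saved, s->mem + BUF_LEN, sizeof saved);   /* snapshot frame above buffer */
    for (int i = 0; i < NRET; i++) before[i] = read_ret(s, i);
    memcpy(s->mem, src, n);                          /* the intercepted core copy */
    for (int i = 0; i < NRET; i++) changed |= (read_ret(s, i) != before[i]);
    if (!changed) return 0;
    memcpy(s->mem + BUF_LEN, saved, sizeof saved);   /* restore the clean frame */
    return -1;
}

int main(void) {
    struct sim_stack s;
    unsigned char in[128];
    sim_init(&s);
    memset(in, 'A', sizeof in);
    /* 32 bytes fit the buffer; 100 bytes reach the first return slot */
    return !(guarded_memcpy(&s, in, 32) == 0 && guarded_memcpy(&s, in, 100) == -1);
}
```

In this model a copy that overruns the buffer but stops short of the first return-address slot still returns 0, because only the return addresses are compared.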


Published By: Davide Libenzi

License Type: Freeware

Date Added: 22 October, 2010

Version: 0.6

Price: Free

Downloads: 14

Size: 419.8 KB

Platform: Linux
