6787212 2001-07-23 19:52 -0600 /41 lines/ <aleph1@securityfocus.com>
Sent by: secpapers-return-37-9616=lyskom.lysator.liu.se@securityfocus.com
Imported: 2001-07-24 03:59 by Brevbäraren
External recipient: secpapers@securityfocus.com
External CC recipient: vuln-dev@securityfocus.com
Recipient: SECPAPERS (import) <44>
Recipient: Bugtraq (import) <18286>
Sent: 2001-07-24 04:36
Subject: UNIX Assembly Codes Development For Vulnerabilities Illustration Purposes
------------------------------------------------------------
UNIX Assembly Codes Development For Vulnerabilities Illustration Purposes

Last Stage of Delirium Research Group

This technical document contains information about the specifics of writing assembly components for proof of concept codes on different operating systems/architectures. Specifically, it focuses on commercial UNIX systems: IRIX/MIPS, HP-UX/PA-RISC, AIX/PowerPC/POWER and Solaris/x86/Sparc. It is neither meant to be a complete guide to the aforementioned computer architectures nor is it an assembly language tutorial.

It has been written as a result of our side-effect investigation efforts in the area of security research pertaining to proof of concept codes development for security vulnerabilities illustration purposes. Obviously, it is destined for code developers specializing (having/looking for an experience) in the area of buffer overflow and format string vulnerabilities, however it is limited only to these assembly parts. For information regarding general proof of concept codes development, please refer to other papers.

This paper is divided into several inter-related parts. In the beginning some basic information about various processor architectures and their important characteristics is given. Next, a detailed discussion of the system call invocation mechanisms, which seems to be crucial for further parts, is presented in the context of different operating systems. It is followed by the introduction to coding requirements, such as writing position independent and zero free assembly codes. Finally, a detailed discussion of several assembly routines with special emphasis on their functionality is presented. In the appendices of this paper you will also find source codes of every routine for all discussed operating systems and architectures along with sample code of their usage.

http://lsd-pl.net/papers.html#assembly
http://lsd-pl.net/asmcodes.html
http://lsd-pl.net/documents/asmcodes-1.0.2.pdf
http://lsd-pl.net/documents/asmcodes-blackhat.ppt
http://lsd-pl.net/projects/asmcodes-1.0.2.tar.gz

--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum

(6787212) / <aleph1@securityfocus.com>/---(Reflowed)