> -----Original Message----- > From: David Litchfield [mailto:david@ngssoftware.com] > Sent: Tuesday, February 04, 2003 12:09 AM > To: bugtraq@securityfocus.com; ntbugtraq@listserv.ntbugtraq.com; > vulnwatch@vulnwatch.org > Subject: Preventing exploitation with rebasing > > So how easy is it to rebase DLLs and executables? Very. Microsoft have > provided a function to do this, ReBaseImage(), exported by > imagehlp.dll. If > you rebase an image the new base must be on a 64K boundary - > i.e. if the > image base mod 64000 !=0 the base is not valid. > There is a tool called "ReBase" shipped with Visual C++ and Visual C++.NET. <http://msdn.microsoft.com/library/default.asp?url=/library/en-us/tools/perf util_2z39.asp> <quote> Rebase is a command-line tool that you can use to specify the base addresses for the DLLs that your application uses. </quote> <quote> Alternatively, you can use the ReBaseImage function. </quote>
