On Mon, 3 Feb 2003, David Litchfield wrote:

> Use addresses such as 0x**000000 or 0x00**0000 for the new image base.
> With there being a NULL in much of the image's address space this will
> help. (This of course won't make a difference with unicode overflows)

Just FYI, both techniques are somewhat old in the *nix world. NUL in the
address is, among others, implemented by the Openwall kernel patch on
Linux, and PaX randomizes stack and executable base mapping addresses.

-- 
------------------------- bash$ :(){ :|:&};: --
 Michal Zalewski * [http://lcamtuf.coredump.cx]
    Did you know that clones never use mirrors?
--------------------------- 2003-02-03 13:45 --