CodeBreakers-Journal - Portal for IT-Security & IT-Anti-Security - Self Modifying Code

ISSN for CodeBreakers Journal

Side Story
Technical Analysis of MS06-001

Microsoft Windows is vulnerable to remote code execution in GDI32.dll (Graphical Device Interface). This vulnerability was assigned Microsoft security bulletin MS06-001 Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919). An exploit containing this vulnerability was found in the wild by Websense Security Labs on 12/27/2005.

This vulnerability was exploited in the wild as early as 12/15/2005 to install various malicious programs. In order to successfully exploit this vulnerability, an attacker is only required to lure the victim to an infected website. The number of websites currently hosting malicious code has steadily increased since the exploit was made public.

In this article, Stephan Chenette walks through the disassembly of GDI32.dll, providing a detailed analysis of the code flow leading to the vulnerability. Readers are expected to be familiar with x86 assembly instructions to follow this document.

Read More >>

CodeBreakers Journal ISSN 1864-7049. IT Security Training/Auditing Journal by IITAC!

Latest Papers

Popular Papers

Journals

CodeBreakers Journal

Assembly Programming Journal

Journal Issues

Vol.5, No.1, 2008

Vol.4, No.2, 2007

Vol.4, No.1, 2007

Vol.3, No.2, 2006

RECON2006 Conf. Proc.

Vol.3, No.1, 2006

RECON2005 Conf. Proc.

Vol.2, No.1, 2005

Vol.1, No.2, 2004

Vol.1, No.1, 2004

Statistics

Members: 1927
News: 293
Web Links: 1
Visitors: 3930264

Who's Online

Damn Vulnerable Linux

Damn Vulnerable Linux (DVL) is a Linux-based (modified Damn Small Linux) tool for IT-Security & IT-Anti- Security and Attack & Defense. [CLICK HERE FOR MORE INFOS! ]

Featured Conference Video

OllyBone - Semi-Automatic Unpacking on IA-32. View the conference video here!

Home

Articles - Programming

Reverse Code Engineering

Self Modifying Code

Self Modifying Code

Written by Giovanni Tropeano

Side Story
Technical Analysis of MS06-001

Microsoft Windows is vulnerable to remote code execution in GDI32.dll (Graphical Device Interface). This vulnerability was assigned Microsoft security bulletin MS06-001 Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution (912919). An exploit containing this vulnerability was found in the wild by Websense Security Labs on 12/27/2005.

This vulnerability was exploited in the wild as early as 12/15/2005 to install various malicious programs. In order to successfully exploit this vulnerability, an attacker is only required to lure the victim to an infected website. The number of websites currently hosting malicious code has steadily increased since the exploit was made public.

In this article, Stephan Chenette walks through the disassembly of GDI32.dll, providing a detailed analysis of the code flow leading to the vulnerability. Readers are expected to be familiar with x86 assembly instructions to follow this document.

Read More >>

This article takes an in depth look at self modifying code (SMC) and how you can use it in your own applications. There are examples in C++ using inline assembly, as well as pure assembler. I also talk about executing code on the stack, which is essential to successfully write and execute SMC.

Download:

Self Modifying Code