C
C calling convention, 457
C programming language
buffers, 12 “13
format string bugs , 55
hashing program, 139
if statements, 458 “459
overwriting library hooks, 71
Visual C++, 336
C++ programming language
assembly language, 8 “10
buffers, 12
reconstructing class definitions, 464 “465
this pointer, 463 “464
Visual C++, 336
CALL instruction, 49 “50
call instruction (Solaris), 217, 219 “221
calling conventions
Alpha CPU, 305 “306
C, 457
defined, 456
Stdcall , 457
CANVAS, 114, 119
Cbrowser, 385
CDONTS.NewMail SMTP injection bug, 413
CHAM, 381
Chapman, Matt, Muddle, 113
CHAR function (SQL), 526 “527
check_exec() function (OpenBSD), 542
CHR function (SQL), 526 “527
chroot breaker, 561
classes of bugs
almost extinct, 388 “389
double free, 400
format strings, 389 “390
incorrect bounds-checking, 390 “391
integer conversions, different- sized , 398 “399
integer overflows, 396 “398
logic errors, 388
loop constructs, 392
non-null termination of strings, 393 “394
null termination in strings, 394 “395
off-by-one , 392 “393
out-of-scope memory usage, 400
signed comparisons, 395 “396
uninitialized variable usage, 400 “401
use after free, 401 “402
cleanfree() function (Solaris), 234
closed source software
binary auditing, 451
security, 451
code constructs
calling conventions, 456 “457
function layouts, 458
if statements, 458 “459
for loops , 459 “460
memcpy library function, 462
reconstructing class definitions, 464 “465
stack frames , 454 “456
strlen library function, 462 “463
switch statements, 460 “462
this pointer, 463 “464
while loops, 459 “460
Code Red worm, 362, 484
coff_find_section() function (OpenBSD), 544
Cogswell, Bryce, sysinternals Web site, 339
COM (Common Object Model)
calling services, 111
DCOM (Distributed Common Object Model), 110
Interface Description Language (IDL) file, 110 “111
Common Object Model (COM). See COM (Common Object Model)
compiler code constructs
calling conventions, 456 “457
stack frames, 454 “456
configuration- related shellcode failures, 502
connect() function, 132
connect system call (Solaris), 222
connect-back Tru64 shellcode, 316 “317
connectback Unix shellcode, 288
connection, reusing, 347 “348
Conover, Matt, w00w00 on Heap Overflows (article), 341
continuation of execution in shellcode, 346
control registers, 7
controlling execution in format string attacks, 69 “71
conversion specifiers, 60
converting from ASCII to Unicode, 202 “203
converting integers
different-sized , 398 “399
sign switching, 399
value truncation , 399
Cowan, Crispin, StackGuard, 161
CQual, 386
crackaddr function (Sendmail), 392
crashing services, 63
CRC checksums, 449
CreateProcess() function (Windows), 110, 116
CreateProcessA() function (Windows), 147
CreateProcessAsUser() function (Windows), 116
creating
processes in Linux, 44 “45
shellcode, 50 “53
Creating Arbitrary Shellcode in Unicode Expanded Strings (article), Chris Anley, 201 “202, 342
Cscope source code browsing tool, 384 “385
Ctags, 385
current thread token, 114, 116
Cygwin shellcode creation tool, 124
|
|