Hacking Ubuntu: Serious Hacks Mods and Customizations (ExtremeTech)

R

random number generator patches, 484 “485

RATS, 386

rd, "Writing [a] Linux Kernel Keylogger" (paper), 343

realfree() function (Solaris), 234

realloc() system call, 85

reconstructing class definitions, 464 “465

recvloop function, 132 “134

Redfern, Ian, documentation of Oracle's Transparent Network Substrate (TNS) protocol, 510

re-entrant safe versions of functions, 402

reference manuals

ABI manual (Solaris/SPARC), 269

PA/RISC reference manuals (HP), 334

SPARC Architecture Online Reference Manual, 334

SPARC Assembly Language Reference Manual, 334

Tru64 Unix Assembly Language Programmer's Guid e, 302

Unix Assembly Codes Development for Vulnerabilities Illustration Purposes (LSD-PL), 341

Windows API by Brook Miles, 106

registers

AH register, 43

AL , 43

AX , 43

control, 7

defined, 7

EBP, 15

extended flags (EFLAGS), 7

extended instruction pointer (EIP), 7, 20 “22

extended stack pointer (ESP), 7, 13 “14, 24 “26

general purpose, 7

IA32 processor, 7

instruction pointer, 7, 20 “22

pointers to buffers, 212 “213

segment, 7

stack pointer, 7, 13 “14, 24 “26

32-bit registers

registers (Alpha CPU)

floating-point registers, 302

integer registers, 302 “303

pointer operations, 302

64 bits, 301

registers (SPARC processor)

flow control, 219

general-purpose registers, 216 “217

global registers, 217

%i7 , 225 “226

input registers, 217 “219

local registers, 217, 219

%npc , 219

output registers, 217 “219

%pc , 219

register windows, 216, 219, 224 “225

RegMon, 340

relative addressing, 49 “50

Relative Virtual Address (RVA), 107 “108

reliability of exploits, 500

.reloc section (PE files), 107

relocatable file formats

ELF, 107

PE-COFF, 107

restore instruction (Solaris), 216 “219

ret instruction (Solaris), 219 “220

Return to libc, 30 “33

returning to user mode with iret instruction, 562 “563

reusing connections, 347 “348

reverse shells , 337 “338

RevertToSelf() function, 114 “115

Richarte, Gerardo, Bypassing Stackguard and StackShield Protection (article), 341

RIOT fault injection system, 361 “362

Riq, "Advances in Format String Exploitation" (paper), 342

rix, "Writing ia32 Alphanumeric Shellcodes" (paper), 342

Roman Exploit Writer (ASCII Venetian implementation), 207 “210

root privileges

OpenBSD, 567 “574

Solaris/SPARC, 579 “580

stack overflows, 22 “24

RPC library (Sun) multiplication overflow vulnerability, 398

RPC services (Solaris), 215

RPC-DCOM interfaces vulnerability, 469 “470

rpc.ttdbserver exploit (Tru64), 322 “330

running operating system commands

IBM DB2, 523

Microsoft SQL Server, 521 “522

Oracle, 522 “523

runtime patches

Code Red worm, 484

GPG 1.2.2 Randomness Patch, 485 “486

Microsoft SQL Server 3-Byte Patch, 477 “481

MySQL 1-Bit Patch, 481 “483

OpenSSH RSA Authentication Patch, 483 “484

random number generators, 484 “485

Russinovich, Mark, sysinternals Web site, 339

RVA (Relative Virtual Address), 107 “108