Canaries
Latest revision as of 20:14, 14 July 2017
What are canaries?
From wiki: http://en.wikipedia.org/wiki/Buffer_overflow_protection#Canaries
"Canaries are known values that are placed between a buffer and control data on the stack to monitor buffer overflows."
Canaries are also present in the PS3 system; they are initialized at kernel startup from the timebase counter (ticks).
You can't control them, however. They are one of the obstacles to kernel (lv2) exploits.
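A minimal C model of the mechanism described above, added here as an illustration (it is not code from the PS3 kernel or from this wiki). The names `struct frame`, `canary_init` and `guarded_copy`, and the way the tick value is mixed into the guard, are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Model of one stack frame: buffer, then the canary, then control data. */
struct frame {
    char     buf[16];
    uint64_t canary;     /* known value between buffer and control data */
    uint64_t saved_ret;  /* stands in for the saved return address */
};

static uint64_t g_canary; /* one guard value, fixed at startup */

/* Startup: derive the guard from a tick count. The mixing constant is an
 * assumption for this model; the page does not give the real derivation. */
void canary_init(uint64_t ticks) {
    g_canary = ticks ^ 0x9E3779B97F4A7C15ULL;
}

/* Prologue stores the guard, the body copies without checking len against
 * buf, the epilogue compares. len is clamped to the frame so the model
 * itself stays well-defined. Returns 0 if intact, -1 if overwritten. */
int guarded_copy(struct frame *f, const void *src, size_t len) {
    f->canary = g_canary;                    /* prologue */
    if (len > sizeof *f) len = sizeof *f;
    memcpy(f, src, len);                     /* starts at buf, offset 0 */
    return f->canary == g_canary ? 0 : -1;   /* epilogue check */
}

int main(void) {
    char input[sizeof(struct frame)];
    struct frame f;
    memset(input, 'A', sizeof input);        /* constructed sample input */
    memset(&f, 0, sizeof f);
    f.saved_ret = 0x1000;
    canary_init((uint64_t)clock());          /* stand-in for the timebase */
    printf("16 bytes: %d\n", guarded_copy(&f, input, 16));
    printf("17 bytes: %d\n", guarded_copy(&f, input, 17));
    printf("32 bytes: %d\n", guarded_copy(&f, input, sizeof input));
    return 0;
}
```

A copy that stays inside `buf` leaves the guard intact; one byte past the buffer already changes it, so the check fails before the overwritten control data would be used. A real epilogue halts at that point instead of returning an error code.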
What functions should have these guards?
Theoretically, only syscalls, but this is not known for sure.
Examples of Canaries
An example can be seen on naehrwert's blog: http://nwert.wordpress.com/2012/09/19/exploiting-lv2/ (see point 2 for the details)