08-17-2003, 15:29
Rhodium
Creating a buffer overflow ?

As I understand it, most buffer overflow exploits must be found by the cracker, and it must be able to influence the target variable once the overflow has occurred.

Instead of just finding these overflow exploits, wouldn't it be possible to in fact force the buffer to overflow? I.e., if you somehow were able to manipulate the values of the bounds?

I.e.:

Quote:
Buffer Overflow: the Basics
A buffer is a contiguous allocated chunk of memory, such as an array or a pointer in C. In C and C++, there is no automatic bounds checking on the buffer, which means a user can write past a buffer. For example:


int main(void) {
    int buffer[10];     /* room for indices 0..9 only */
    buffer[20] = 10;    /* writes past the end of the array: no bounds check in C */
    return 0;
}

The above C program is a valid program, and every compiler can compile it without any errors. However, the program attempts to write beyond the allocated memory for the buffer, which might result in unexpected behavior. Over the years, some bright people have used only this concept to create havoc in the computer industry. Before we understand how they did it, let's first see what a process looks like in memory.
hxxp://www.linuxjournal.com/article.php?sid=6701

What I'm saying is that when you disassemble the program you should search for where that [10] is assigned in asm, and then change it to a [0]. That way the overflow would always occur.

Of course you probably wouldn't change the asm code, but you could do a live memory hack, like a simple game trainer does to change the [10] to a [0].

Last edited by Rhodium; 08-17-2003 at 15:33.
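In the quoted program the "[10]" is a compile-time constant that only fixes the stack frame layout; nothing at run time compares the index against it, so the check has to be written explicitly. The following is an added example, not code from the post or the Linux Journal article, showing a checked write that refuses the out-of-range index from the quoted program (the names store_checked, try_write and demo_bounds_check are my own):

```c
#include <stddef.h>
#include <stdio.h>

#define BUF_LEN 10                                  /* the "[10]" from the quoted program */
#define ARRAY_LEN(a) (sizeof(a) / sizeof((a)[0]))   /* element count of a real array */

/* Hardened write: the caller passes the real length, the index is validated
 * before the store, and an out-of-range write is refused instead of
 * silently corrupting whatever lies past the array.
 * Returns 0 on success, -1 if buf is NULL or idx is outside [0, len). */
int store_checked(int *buf, size_t len, size_t idx, int value) {
    if (buf == NULL || idx >= len) {
        return -1;
    }
    buf[idx] = value;
    return 0;
}

/* Attempts buffer[idx] = 10 on a fresh 10-element buffer through the checked
 * path. Returns 0 if the write was accepted, -1 if it was refused. */
int try_write(size_t idx) {
    int buffer[BUF_LEN] = {0};
    return store_checked(buffer, ARRAY_LEN(buffer), idx, 10);
}

/* Replays the quoted program's write (index 20) and a valid write (index 9).
 * Returns 1 if the overflow was blocked and the in-bounds value was kept,
 * 0 otherwise. */
int demo_bounds_check(void) {
    int buffer[BUF_LEN] = {0};
    int overflow_blocked = (store_checked(buffer, ARRAY_LEN(buffer), 20, 10) == -1);
    int inbounds_ok      = (store_checked(buffer, ARRAY_LEN(buffer), 9, 10) == 0);
    return overflow_blocked && inbounds_ok && buffer[9] == 10;
}

int main(void) {
    printf("buffer[20] refused: %s\n", try_write(20) == -1 ? "yes" : "no");
    printf("buffer[9] accepted: %s\n", try_write(9) == 0 ? "yes" : "no");
    printf("demo result: %d\n", demo_bounds_check());
    return 0;
}
```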