The Guarded Memory Move tool is useful for studying buffer overflows and catching them together with a "good" stack image. It uses dynamic function call interception, through the LD_PRELOAD capability, to intercept the functions most commonly used by attackers to exploit stack buffers. On discovering an exploit, it produces a core dump with the information needed to debug the exploit and fix the software.
|Tags|Software Development Debuggers Libraries|
|Operating Systems|POSIX BSD Linux|
Release Notes: GCC's __builtin_return_address and __builtin_frame_address seem to return garbage instead of NULL at the last frame. This release fixes the problem.
Release Notes: A few more potentially dangerous functions have been wrapped.
Release Notes: Wrapper macros for user-defined functions have been added, and a larger set of glibc functions is now intercepted. Documentation/White Paper is included in this release.
Release Notes: More functions have been added to the interception list. The ability to call an external program upon exploit detection has been added. Some necessary code cleanup has been done.
No changes have been submitted for this release.