Projects / Guarded Memory Move

Guarded Memory Move

The Guarded Memory Move tool is useful for studying buffer overflows and catching them together with a "good" stack image. It uses dynamic function call interception to catch the most common functions that are used by attackers to exploit stack buffers. It uses the LD_PRELOAD capability, and, on discovering an exploit, will produce a core dump with the necessary information to debug the exploit and fix the software.

Operating Systems

Recent releases

  •  17 Apr 2007 09:24

    Release Notes: GCC's __builtin_return_address and __builtin_frame_address seems to return garbage instead of NULL at the last frame. This release fixes the problem.

    •  11 Feb 2004 16:36

      Release Notes: A few more potentially dangerous functions have been wrapped.

      •  27 Jan 2004 18:31

        Release Notes: Wrapper macros for user defined functions have been added, along with a larger glibc function interception. Documentation/White Paper is included in this release.

        •  26 Jan 2004 06:17

          Release Notes: More functions have been added to the interception list. The ability to call an external program upon exploit detection has been added. Some necessary code cleanup has been done.

          •  25 Jan 2004 05:01

            No changes have been submitted for this release.


            Project Spotlight


            A Fluent OpenStack client API for Java.


            Project Spotlight

            TurnKey TWiki Appliance

            A TWiki appliance that is easy to use and lightweight.