GMM

The Guarded Memory Move tool is useful for studying buffer overflows and catching them together with a "good" stack image. Once a stack overflow has been exploited, the back trace is already gone, as is information about parameters and local variables that are very important in understanding how the attacker is working out the exploit.

The GMM library uses dynamic function call interception to catch the most common functions that attackers use to exploit stack buffers. It uses the LD_PRELOAD capability and offers two services: first, it avoids buffer overflow to allow the attacker to execute shell-code on your machine. Second, where an exploit is detected, it saves the stack content and triggers a segmentation fault. The resulting core dump has the necessary information to debug the exploit and fix the software.

Last updated 2 Feb, 2004


User level: Submit a level

User Rating:

Homepage

License(s) :

GPLv2orlater

Rate it!

 

About

Leadership
Requirements
  • glibc (Use Requirement)
  • gcc (Build Prerequisite)
Related Projects

libsafe

Versions

0.4

0.4 beta released 2004-01-27

User Community and Support

User reference in PDF from http://www.xmailserver.org/gmm.pdf

General Resources

Development

 

Please send comments on these web pages to bug-directory@fsf.org, send other questions to info@fsf.org.

Copyright © 2000 - 2009 Free Software Foundation, Inc., 51 Franklin Street, 5th Floor, Boston, MA 02110-1301, USA

The copyright licensing notice below applies to this text. Any software described in this text has its own copyright notice and license, which can usually be found in the distribution itself.

Permission is granted to copy, distribute, and/or modify this document under the terms of the GNU Free Documentation License, Version 1.2 or any later version published by the Free Software Foundation; with no Invariant Sections, with no Front-Cover Texts, and with no Back-Cover Texts.