The Guarded Memory Move tool is useful for studying buffer overflows and catching them together with a "good" stack image. Once a stack overflow has been exploited, the back trace is already gone, as is the information about parameters and local variables that is very important in understanding how the attacker is working out the exploit. The GMM library uses dynamic function call interception to catch the most common functions that attackers use to exploit stack buffers. It uses the LD_PRELOAD capability and offers two services. First, it prevents a buffer overflow from allowing the attacker to execute shellcode on your machine. Second, where an exploit is detected, it saves the stack content and triggers a segmentation fault. The resulting core dump has the necessary information to debug the exploit and fix the software.
Documentation: User reference in PDF from http://www.xmailserver.org/gmm.pdf
released on 27 January 2004
|License||Verified by||Verified on||Notes|
|GPLv2 or later||Janet Casey||27 January 2004|
Leaders and contributors
Resources and communication
|Required to use||glibc|
|Required to build||gcc|
This entry (in part or in whole) was last reviewed on 2 February 2004.