[28751] in bugtraq
RE: Preventing exploitation with rebasing
daemon@ATHENA.MIT.EDU (Anonymous)
Tue Feb 4 15:14:31 2003
Message-ID: <4F1C95C89B63544D8D6799449D5C68C2054F42@va-mail.cigital.com>
From: Anonymous <xxxxxx@xxxxxxxx.securityfocus.com>
To: David Litchfield <david@ngssoftware.com>, bugtraq@securityfocus.com
Date: Mon, 3 Feb 2003 17:21:54 -0500
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
> -----Original Message-----
> From: David Litchfield [mailto:david@ngssoftware.com]
> Sent: Tuesday, February 04, 2003 12:09 AM
> To: bugtraq@securityfocus.com; ntbugtraq@listserv.ntbugtraq.com;
> vulnwatch@vulnwatch.org
> Subject: Preventing exploitation with rebasing
>
> So how easy is it to rebase DLLs and executables? Very. Microsoft have
> provided a function to do this, ReBaseImage(), exported by
> imagehlp.dll. If
> you rebase an image the new base must be on a 64K boundary -
> i.e. if the
> image base mod 64000 !=0 the base is not valid.
>
There is a tool called "ReBase" shipped with Visual C++ and Visual C++.NET.
<http://msdn.microsoft.com/library/default.asp?url=/library/en-us/tools/perf
util_2z39.asp>
<quote>
Rebase is a command-line tool that you can use to specify the base addresses
for the DLLs that your application uses.
</quote>
<quote>
Alternatively, you can use the ReBaseImage function.
</quote>
