当可以获得程序的来源程序码时,攻击者会寻找所有可疑的函式呼叫,然后尝试确定哪些是弱点。
When the source code is available, an attacker can look for all suspect function calls, and then try to determine which ones might end up being vulnerabilities.
这种想法是相当直接的︰在某处汇入一些攻击程式码(例如,呼叫 shell 的程式码)并以将控制传递给攻击程式码的方式来覆写堆叠。
The idea is pretty straightforward: Insert some attack code (for example, code that invokes a shell) somewhere and overwrite the stack in such a way that control gets passed to the attack code.
需求将在您的程序码被呼叫时叫用堆叠查核行程,在堆叠上检查直接或间接呼叫程序码的所有呼叫端。
Demands invoke a stack walk, in which all callers that directly or indirectly call your code are checked on the stack when your code is called.
应用推荐