Nov 18, 2011 at 4:16pm UTC
So I understand that a method used by some viruses is to run code that is, say, attached to a picture that has been cached from visiting a website.
How does a program run such code?
For example, I attach the binary for MOV eax, 5 or whatever to the end of a .jpg.
I write a program that has the .jpg size and where my binary is located hard-coded into the app, but how does the program run that code?
Is this code injection?
Last edited on Nov 18, 2011 at 4:20pm UTC
Nov 18, 2011 at 4:21pm UTC
They exploit vulnerabilities in library code -- usually buffer overflows -- to overwrite code or stack data, thus allowing the execution of arbitrary code. This is the main reason not to use scanf().
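An added example (not part of the reply above) of the scanf() point: the unbounded `%s` read next to a length-checked replacement that rejects oversized input instead of writing past the buffer. The names `read_name_unsafe`, `read_line_bounded` and `check_input` are hypothetical, and the input string is constructed.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/* The pattern the reply warns about: "%s" carries no width, so any word
 * longer than 15 bytes is written past the end of buf. Never called here. */
void read_name_unsafe(char buf[16])
{ if (scanf("%s", buf) != 1) buf[0] = '\0'; }

/* Bounded replacement: reads one line into dst (capacity cap).
 * Returns 0 on success, -1 on EOF/error, -2 if the line did not fit;
 * an oversized line is drained and rejected, never stored or truncated. */
int read_line_bounded(FILE *in, char *dst, size_t cap)
{
    if (cap == 0 || cap > INT_MAX || fgets(dst, (int)cap, in) == NULL)
        return -1;
    size_t n = strlen(dst);
    if (n > 0 && dst[n - 1] == '\n') {
        dst[n - 1] = '\0';
        return 0;
    }
    int c = fgetc(in);              /* buffer full or EOF: look at what follows */
    if (c == EOF || c == '\n') return 0;
    while (c != EOF && c != '\n')   /* discard the rest of the long line */
        c = fgetc(in);
    dst[0] = '\0';
    return -2;
}

/* Hypothetical helper: feeds a constructed string through a temp file. */
int check_input(const char *input, char *dst, size_t cap)
{
    FILE *f = tmpfile();
    if (f == NULL) return -1;
    fputs(input, f);
    rewind(f);
    int rc = read_line_bounded(f, dst, cap);
    fclose(f);
    return rc;
}

int main(void)
{
    char name[16];
    int rc = check_input("AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n", name, sizeof name);
    printf("rc=%d name=\"%s\"\n", rc, name);
}
```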
Nov 18, 2011 at 5:41pm UTC
So the arbitrary code could be read into a char array, then a buffer overflow would change a function's return address to the char array.
Nov 18, 2011 at 9:04pm UTC
Cool, thanks. I am not writing a virus, but find it fascinating. I found a good text about it at destroy.net