This is the mail archive of the cygwin-patches@cygwin.com mailing list for the Cygwin project.



Re: [Patch]: Win95


> >>Can you believe that the address appears 5 times on the stack on Win95,
> >>twice on ME, once on NT4.0?
> >>
> >>Now that the method is stable (after 1.5.10 is released), couldn't we
> >>store the offsets in wincap, keeping the adaptive method as a backup in the
> >>unknown case? Or are there many variations?
> >
> > I can tell you from the perspective of writing shellcode and rootkits on
> > Windows that assuming offsets will be the same is not a good idea if you are
> > going for something that is to be widely deployed. Not only can they vary
> > between service packs/patches, but also between language editions of the OS.
> >
>
> What would you suggest doing instead?

Um, I would stick to the adaptive method that is currently being used. Maybe
the adaptive method could be sped up a bit, though? I'll see if I spot
anything obvious in the code tomorrow.

