Sqreater
January 14th, 2006, 07:01 AM
{QUOTE-> BOWall is the solution implementing protection against buffer overflow attacks for windows nt4/w2k/xp/2003. The protection is based on patching system DLLs by two methods.
1) Vulnerable functions monitoring
Patching exported strcpy, wstrcpy, strncpy, wstrncpy, strcat, wcscat, strncat, wstrncat, memcpy, memmove, sprintf, swprintf, scanf, wscanf., gets, getws, fgets, fgetws by adding the code wich checks for local frame base pointer integrity.
2) Preventing execution of dynamic libraries functions from writable memory
Patching exproted DLL functions by adding the code which checks for caller address. If caller address belongs to data or stack then program execution is blocked.
Both methods are implemented to detect buffer overflow or exploit activity, buffer overflow itself is not prevented. <-QUOTE}
http://www.securesize.com/BOWall/index.shtml
Anyone tried it?
1) Vulnerable functions monitoring
Patching exported strcpy, wstrcpy, strncpy, wstrncpy, strcat, wcscat, strncat, wstrncat, memcpy, memmove, sprintf, swprintf, scanf, wscanf., gets, getws, fgets, fgetws by adding the code wich checks for local frame base pointer integrity.
2) Preventing execution of dynamic libraries functions from writable memory
Patching exproted DLL functions by adding the code which checks for caller address. If caller address belongs to data or stack then program execution is blocked.
Both methods are implemented to detect buffer overflow or exploit activity, buffer overflow itself is not prevented. <-QUOTE}
http://www.securesize.com/BOWall/index.shtml
Anyone tried it?