This is the mail archive of the cygwin-patches@cygwin.com mailing list for the Cygwin project.



Re: [Patch]: Win95


matt wrote:

Can you believe that the address appears 5 times on the stack on Win95,
twice on ME, once on NT4.0?

Now that the method is stable (after 1.5.10 is released), couldn't we store
the offsets in wincap, keeping the adaptive method as a backup in the
unknown case? Or are there many variations?


I can tell you from the perspective of writing shellcode and rootkits on
Windows that assuming offsets will be the same is not a good idea if you are
going for something that is to be widely deployed. Not only can they vary
between service packs/patches, but also between language editions of the OS.


What would you suggest doing instead?


Cheers,
Nicholas

