[fpc-pascal] Re: Get all caller addresses of a given function/procedure before executing

Rainer Stratmann RainerStratmann at t-online.de
Thu Aug 16 10:57:57 CEST 2012


On Thursday 16 August 2012 10:16:04, Lukasz Sokol wrote:
> On 15/08/2012 16:05, Rainer Stratmann wrote:
> > On Wednesday 15 August 2012 16:45:03, Lukasz Sokol wrote:
> >>> If the maintainers decide to build in the suggested function above then
> >>> everything is solved. By now no one of the maintainers wants this.
> >>
> >> I can understand why, more or less - this could be a security flaw if
> >> you can find the final procedure call address like that [and then
> >> inject/patch it from outside, while the program is running - see what I
> >> mean?]
> >
> > Please explain.
> > I do not change the code. I am only searching some pointers.
>
> Well, yeah, _you_ don't. What if somebody else could create a program that
> extracts private (unexported) function pointers from executables and be
> able to redirect entire code paths? Oh wait, this is called executable
> infection and a great deal of people actually _do_ that.

I don't understand what you want to say here.
Am I responsible for things other people may do?

> >> Sort of the reason why Linux doesn't export System.map any more...
>
> (actually, they don't export syscalls table as r/w area, for the fear of
> somebody patching it with their own entries, they do it as r/o instead).
>
> >> And the sort of reason why (dx)gettext scans the _source_ not the
> >> binary.
> >
> > If the pointers were provided natively then scanning the source (labour
> > intensive) is no longer necessary.
>
> So you think maintaining your own disassembler is easier, more stable and
> less maintenance than scanning the source?

Yes, of course.
It runs automatically; no additional step is needed.


