> One of the bugs is a branching instruction that may or may not
> jump to the intended address +1. For the moment it's being
> worked around in the compilers by putting a few NOPs at
> spots that require such branching. Since there may be such
> sets of NOPs in the code, a hacker might replace the NOPs
> with a jump code of their own in order to execute their virus
> code, then jump back to continue execution of the original
> program.
Bah, a hacker can put a jump to their code anywhere. The instruction they
overwrote with their "jump" they just execute somewhere in their own code
before returning. Easiest way is to just overwrite another jump
instruction, then jump to the location of that jump at the end of your virus
code. I don't think they need to specifically look out for NOPs to write
over.