Guarded Memory Move
The Guarded Memory Move tool is useful for studying buffer overflows and catching them together with a "good" stack image. It uses dynamic function call interception to catch the most common functions that are used by attackers to exploit stack buffers. It uses the LD_PRELOAD capability, and, on discovering an exploit, will produce a core dump with the necessary information to debug the exploit and fix the software.
| Tags | Software Development Debuggers Libraries |
|---|---|
| Licenses | GPL |
| Operating Systems | POSIX BSD Linux |
Recent releases
- 17 Apr 2007 02:24
Changes: GCC's __builtin_return_address and __builtin_frame_address seems to return garbage instead of NULL at the last frame. This release fixes the problem.
- 11 Feb 2004 08:36
Changes: A few more potentially dangerous functions have been wrapped.
- 27 Jan 2004 10:31
Changes: Wrapper macros for user defined functions have been added, along with a larger glibc function interception. Documentation/White Paper is included in this release.
- 25 Jan 2004 22:17
Changes: More functions have been added to the interception list. The ability to call an external program upon exploit detection has been added. Some necessary code cleanup has been done.
- 24 Jan 2004 21:01
No changes have been submitted for this release.
