Overwriting the Exception Handling Cache PointerDwarf Oriented Programming

Overwriting the Exception Handling Cache PointerDwarf Oriented Programming

This presentation describes a new technique for abusing the DWARF exception handling architecture used by the GCC tool chain. This technique can be used to exploit vulnerabilities in programs compiled with or linked to exception-enabled parts. Exception handling information is stored in bytecode format, executed by a virtual machine during the course of exception unwinding and handling. We show how a malicious attacker could gain control of those structures and inject bytecode for malicious purposes. This virtual machine is actually Turing-complete, which means that it can be made to run arbitrary attacker logic.

Presented by