C

D

dark spyrit, Barnaby Jack, dspyrit@beavuh.org, "Win32 Buffer Overflows: Location, Exploitation and Prevention" (paper), 341
data, distinction from instructions, 5
.data section (DLLs), 108
.data section overflows, 188–190
.data segment, 5, 84
data translation, 411–412
database server software attacks
application layer, 520–521
network layer, 510–520
running operating system commands, 521–522
Slammer worm, 528
database servers
IBM DB2
DB2 Remote Command Server facility, 523–525
IMPLICIT_SCHEMA authority, 523
running operating system commands, 523
Microsoft SQL Server
3-Byte Patch, 477–481
running operating system commands, 521–522
xp_cmdshell, 521–522
Oracle
Alert 57, 406, 410
Alert 29, 407, 410
extproc overflow, 406–410
running operating system commands, 522–523
SQL*Plus, 526
Transparent Network Substrate (TNS) protocol, 510
TZ_OFFSET overflow, 416
security, 509–510
Structured Query Language (SQL), 509
vulnerabilities, 510
Datarescue Interactive Disassembler Pro (IDA Pro), 452–454
DB (define byte) directive, 50
DB2 Remote Command Server facility (IBM DB2), 523–525
dcedump utility, 112
DCE-RPC recon
CANVAS, 114
SPIKE tool, 112–114
Todd Sabin's DCE-RPC tools, 112
tunneling, 113–114
DCOM (Distributed Common Object Model)
AT service, 111–112
Interface Description Language (IDL) file, 110–111
DCOM exploits
popen() attacks, 114
system() attacks, 114
DCOM interfaces. See DCE-RPC recon
DCOM-RPC bug (MS03-26), 411
ddb kernel debugger, 554–555
debug.exe debugger, 337–338
debuggers
ddb, 554–555
debug.exe, 337–338
fault monitoring, 360–361
gdb (GNU Debugger), 335
OllyDbg, 106, 118, 335, 504
SoftICE, 118, 335–336
Visual C++, 336
Visual Studio, 118
WinDbg, 118, 335
decoders
Unicode, 210–212
Windows shellcode, 123–124
XOR decoder (Tru64 shellcode), 308–310
decompilation, 468
default unhandled exception handler, overwriting, 71
define byte (DB) directive, 50
delay slot (SPARC processor), 219
delimiting logic (fault injection), 355–357
denial-of-service (DOS) attacks, 422–423
DEPEND fault injection system, 349
dest, source mnemonic (Intel), 124
Detours suite (Microsoft), 432
different-sized integer conversions, 398–399
DilDog, The Tao of Windows Buffer Overflow (article), 341
direct parameter access, 67–69, 80
disassembler, 340, 452–454
Distributed Common Object Model (DCOM)
AT service, 111–112
Interface Description Language (IDL) file, 110–111
DLL-hell, 107
DLLs (Dynamic Link Libraries)
ADVAPI.dll, 129
.data section, 108
defined, 107
function hooking, 431
functions, 107–108
heaps, 108–109
initialization function, 108
kernel32.dll, 125
PE-COFF files, 107–108
viewing, 340
Win32 API, 107
ws2_32.dll, 129–131
dlmalloc, 83
DOCTOR fault injection system, 349
DOS attacks, 422–423
double free bugs, 87, 368, 400
double-decode flaw (Microsoft IIS), 467
Dowd, Mark, crackaddr function vulnerability in Sendmail, 392
dtlogin heap double-free, 499
.DTORS section
heap overflows, 101
overwriting entries, 71, 81
dumpbin tool, 149
dup system call (Solaris), 222
DuplicateHandle() function, 147
DuplicateTokenEx() function, 116
dynamic analysis during fuzzing, 372
dynamic heaps, 167
Dynamic Link Libraries (DLLs)
ADVAPI.dll, 129
.data section, 108
defined, 107
function hooking, 431
functions, 107–108
heaps, 108–109
initialization function, 108
kernel32.dll, 125
PE-COFF files, 107–108
viewing, 340
Win32 API, 107
ws2_32.dll, 129–131
dynamic linking
Linux, 270
Solaris/SPARC, 270
dynamic linking (Solaris/SPARC), 269
dynamic string (dynstr) table (Solaris/SPARC), 270


The Shellcoder's Handbook. Discovering and Exploiting Security