I

%i1–%i5 registers (SPARC), 218
%i6 register (SPARC), 218
%i7 register (SPARC), 218
%i0 register (SPARC), 218
%i0–%i7 registers (SPARC), 217
IA32 processor
assembly language, 6
registers, 7
IA64 references (Itanium), 334
IAT (Import Address Table), 434–435
IBM DB2
DB2 Remote Command Server facility, 523–525
IMPLICIT_SCHEMA authority, 523
running operating system commands, 523
id Unix command, 289
".ida Code Red Worm analysis" (paper), Ryan Permeh, Marc Maiffret, 343
IDA Pro disassembler, 340, 452–454
IDL (Interface Description Language) file, 110
IDSs (Intrusion Detection Systems)
application layer attacks on database server software, 521
byte matching shellcode, 288
Intrusion Detection with Snort (article), 289
signature-based recognition, 419
Snort, 289
Unix commands, 289
IDT (interrupt descriptor table), 564–566
IDTR (interrupt descriptor table register), 564
if statements, 458–459
ifids (interface ids) utility, 113
IIS
Code Red worm, 484
double-decode bug, 413
double-decode flaw, 467
heap overflows, 86
ISAPI filters, 411
Unicode bug, 413
WebDAV vulnerability, 470–472
impersonating tokens, 115
IMPLICIT_SCHEMA authority (IBM DB2), 523
Import Address Table (IAT), 434–435
import hooking, 436–438
import table (PE files), 107
importing functions, 434–435
incorrect bounds-checking, 390–391
information leakage bugs, 95
information leaks, 507–508
inheritance in Windows, 147–148
initialization function (DLLs), 108
injectable shellcode, 42–44
injecting faults
delimiting logic, 355–357
fault delivery, 358–359
fuzzing, 363–364
heuristics, 359–360
input generation
automated generation, 352–353
fuzz generation, 353
live capture, 353
manual generation, 352
test supplements, 351–352
input sanitization, 357–358
modification engines, 354–355
Nagle algorithm, 359
state-based protocols, 360
stateless protocols, 360
timing, 359
injection systems for faults
DEPEND, 349
DOCTOR, 349
FERRARI, 349
FINE, 349
FIST, 349
MENDOSUS, 349
ORCHESTRA, 349, 353
ProFI, 349
Quality Assurance (QA) engineers, 350
research grants, 349
RIOT, 361–362
Xception, 349
inline assembler, 73, 344–345
inlining functions, 435–436
input generation for fault injection
automated generation, 352–353
fuzz generation, 353
live capture, 353
manual generation, 352
test supplements, 351–352
input sanitization (fault injection), 357–358
input validation bypass techniques
alternate encodings, 415–416
file handling, 416–418
stripping bad data, 415
installing Cygwin, 124
instruction pointer register, 7, 20–22
instructions (Alpha)
addl, 304
addq, 304
beq, 304
bgt, 304
bic, 304
bis, 304
ble, bge, 304
blt, 304
bne, 304
bsr, 304
lda, 304
ldl, 304
ldq, 304
ldw, ldb, 304
mov, 304
PAL_callsys, 305
PAL_callsys PALcode, 308
PAL_imb, 305
sll, 305
srl, 305
stl, 304
stq, 304
stw, stb, 304
subl, 304
subq, 304
xor, 305
instructions (Linux)
CALL, 49–50
distinction from data, 5
int 0x80 instruction, 36
jump, 49
POP ESI, 49–50
instructions (OpenBSD), 562–563
instructions (Solaris)
bn, a, 220–221
call, 217, 219–221
jmpl, 219
NOP, 222
padding instructions, 222–223
restore, 216–219
ret, 219–220
save, 216–219
synthetic instructions, 219
int 0x80 instruction (Linux), 36
integer conversions
different-sized, 398–399
sign switching, 399
value truncation, 399
integer overflows
addition or subtraction overflows, 397
articles and papers, 342
defined, 396–397
integer overflow heap overflow combination, 86
kernel-level vulnerabilities, 530
multiplication overflows, 398
Professional Source Code Auditing (speech), 396
uses, 397
vulnerability tracing, 449
Intel Architecture Software Developer's Manual, Volume 2: Instruction Set Reference, 334
Intel syntax, 124
Interactive Disassembler Pro (IDA Pro), 452–454
"Interception of Win32 API Calls" (paper), MS Research, 342
inter-conversion of integers, 398–399
Interface Description Language (IDL) file, 110
interface ids (ifids) utility, 113
interrupt descriptor table (IDT), 564–566
interrupt descriptor table register (IDTR), 564
interrupt vectors, 564
Intrusion Detection Systems (IDSs)
application layer attacks on database server software, 521
byte matching shellcode, 288
signature-based recognition, 419
Snort, 289
Unix commands, 289
Intrusion Detection with Snort (article), Jack Koziol, 289
Intrusion Prevention Systems (IPSs), 521
iret instruction (OpenBSD), 562–563
ISAPI filters (Microsoft IIS), 411


The Shellcoder's Handbook. Discovering and Exploiting Security