You can't copy code with memcpy; code is more complicated than that

Back in the day, a customer reported that their program crashed on Itanium. Wait, come back! Itanium is where the customer recognized the problem, but it applies to all other architectures, so stick with me. Their code went roughly like this: struct REMOTE_THREAD_INFO { int data1;

Click to view the original at devblogs.microsoft.com

Hasnain says:

Great read. The fact that this was an AV vendor is really scary. I also appreciated the bit about not making bad code easily accessible even as an example.

"This code is such a bad idea, I’ve intentionally introduced errors so it won’t even compile.

...

I pointed out to the customer liaison that what the customer is trying to do is very suspicious and looks like a virus. The customer liaison explained that it’s quite the opposite: The customer is a major anti-virus software vendor! The customer has important functionality in their product that they have built based on this technique of remote code injection, and they cannot afford to give it up at this point.

Okay, now I’m scared."

Posted on 2021-12-31T01:23:45+0000