Your section: > ** [ iv. call %edx ] **
Was also covered here some time ago. http://www.milw0rm.com/papers/70 (I am only running gcc 4.0.3) In main() %edx is pointing to the start of your environment variables, not the stack. If you were to call another function from main() it would probably no longer point there. So maybe this technique works for vulnerablilities in programs parsing command line arguments in main() but its very limited in its use. chris -- http://em386.blogspot.com _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
