, 2006, 2008), spyware detection (Egele et al. It can be used in many areas of security, e.g.
Dynamic taint analysis derives from information flow that has been widely researched in recent years. Information flow (Bell and LaPadula, 1973 Biba, 1977) is an important idea for protecting confidentiality and integrity (Cavallaro et al. To defeat memory-corruption attack, dynamic analysis offers more advantages than static analysis. malloc) to corrupt memory in order to execute attacking code. In recent years, another type of memory-corruption attack, indirect memory-corruption exploit (IMCE), is emerging which often makes use of integer overflow conversion error and subsequently invokes memory operation routine (e.g.
In this paper, we call attacks that directly modify memory to execution attacking code as direct memory-corruption exploit (DMCE). The other approach is dynamic analysis that executes the program to collect run-time information for detection. However, static analysis can be easily evaded by obfuscation (such as polymorphism and metamorphism) and it requires substantial human labor. Static checking can also be done by signature matching which is widely deployed in NIDS/HIDS, such as Snort (Roesch, 2001) and Bro (Paxson, 1999). The first approach is static analysis that security experts manually analyze source code or binary code looking for potential vulnerability. The other category is detection which has two general approaches. , 2003) and randomization (Bhatkar et al. The first one is to prevent attack at compile time, influential research work includes StackGuard (Cowan et al. There are two categories to defend code injection attacks. of a short piece of instructions ending in ret diverting control flow to the next gadget. It is best to do this when the player is already carrying 52 different items so the loadstone will take up the '#' slot. Overflowing the player's inventory is only possible by wishing for cursed loadstones, and this usually can only be done in wizard mode. The player can also wish for objects such as boulders and not have them drop to the floor. If inventory weight display is enabled, the player will see that the inventory weight is negative 2 billion and they will be able to pick up any object, provided that they have an inventory letter free.
This tends to cause the Stressed/ Burdened/ Overloaded/ Overtaxed status to go away. It is also possible to cause integer overflow with containers or the player's inventory, causing them to have negative weight. Items with enchantments can go from -128 to +127 without overflowing. In the case of AC, the code calculates your current AC in a larger variable (varies, but most likely 32 bits), and then checks if the smaller AC variable (8 bits) would overflow. One way you can detect whether an overflow would occur is if subtracting from a negative value produces a positive value, or adding to a positive value produces a negative value. Some integers in NetHack, like AC and alignment, have protection against overflow. Thankfully, this doesn't happen in the case of AC. 124 AC is of course extremely bad, considering a naked human has 10 AC. 131 is too large for a signed 8-bit variable, so your new AC would be 124. If your AC is -126 and you put on a piece of armor that would reduce your AC by five points, then your AC would become -131. Subtracting too much from a small unsigned variable would produce a large value.Ī signed 8-bit variable (which is what AC uses) can store -128 to 127 inclusive. An unsigned variable that exceeds its capacity would become a small positive value, or zero. So for a signed variable, a negative value too large to fit would become a large positive value. Generally what happens, due to two's complement arithmetic, is that the variable wraps to the opposite end of the spectrum.
Integer overflow is what occurs when a numeric variable exceeds its maximum capacity.