Overwriting the Exception Handling Cache Pointer - Dwarf Oriented Programming, presented at DEF CON 20

by James Oakley, Sergey Bratus, Rodrigo Rubira Branco

Summary: This presentation describes a new technique for abusing the DWARF exception handling architecture used by the GCC tool chain. The technique can be used to exploit vulnerabilities in programs compiled with, or linked against, exception-enabled code. Exception handling information is stored in a bytecode format that is executed by a virtual machine during exception unwinding and handling. We show how a malicious attacker could gain control of those structures and inject bytecode for malicious purposes. This virtual machine is actually Turing-complete, which means that it can be made to run arbitrary attacker logic.

James Oakley: James Oakley is an undergraduate Computer Science student at Dartmouth College. Having come to computer programming by way of microcontroller programming, he enjoys hands-on work with low level systems. His interests include computer graphics, digital electronics, security, and operating systems.

Sergey Bratus: Sergey Bratus is a Research Assistant Professor of Computer Science at Dartmouth College. He enjoys wireless and wired network hacking and tries to help fellow academics understand its value and relevance. Before coming to Dartmouth, he worked on machine learning for natural text processing at BBN Technologies. He has a Ph.D. in Mathematics from Northeastern University.