undefined | Better HN

0 pointsww52012y ago0 comments

Let me say it again, you can patch the WELL KNOWN points of any program.

I don't care where your compiler's AST tree or code generation is. For any compromised program (including a compiler) all I need to do is to monitor the files it generates (patch file_open), for any executable output files, patch its main entry point and add in a payload.

When a compromised compiler is generating your compiler, it will patch your compiler's entry point and add in an extra payload. When your compiler compiles another compiler, it will do the same thing, and so to any other programs it generates.

It's virus writing 101.

0 comments

3 comments · 1 top-level

tedunangst12y ago· 2 in thread

How do you identify an executable output file?

ww520OP12y ago

File that contains _main? File that ends in .exe?

nitrogen12y ago

Watch for an ELF/COFF/PE/etc. header.

j / k navigate · click thread line to collapse