RUSSIAN

BOWall is the solution implementing protection against buffer overflow attacks for windows nt4/w2k/xp/2003. The protection is based on patching system DLLs by two methods.

1) Vulnerable functions monitoring

Patching exported strcpy, wstrcpy, strncpy, wstrncpy, strcat, wcscat, strncat, wstrncat, memcpy, memmove, sprintf, swprintf, scanf, wscanf., gets, getws, fgets, fgetws by adding the code wich checks for local frame base pointer integrity.

2) Preventing execution of dynamic libraries functions from writable memory

Patching exproted DLL functions by adding the code which checks for caller address. If caller address belongs to data or stack then program execution is blocked.

Both methods are implemented to detect buffer overflow or exploit activity, buffer overflow itself is not prevented.

How to use

Downloads

BOWall v 1.21

Full source code