> > c) Even with b) it is tricky to obtain the correct address as most sendmails > are normally void of all debugging information. not really. I have written up a program that will find the correct addresses whether or not the binary contained debugging information. Its a simple matter of generating a core dump with a pattern in the debug vector and doing a search through the core image for the patterns you need. The whole program fits easily into a small script and could be used quite easily for breaking into a wide range of systems. > e) The -d value probably differs for each system type, and probably for each > system release. I've only done testing on SunOS 4.1.3. The operator did a reboot in the middle of my testing and I noticed that the value changed. I'm not sure exactly why that is (same exact binary image was used) my best guess is that it is related to the shared libraries. Other systems that are a bit more static will probably have one magic number that works on all systems. > James Bonfield (jkb@mrc-lmb.cam.ac.uk) Tel: 0223 402499 Fax: 0223 412282 > Medical Research Council - Laboratory of Molecular Biology, > Hills Road, Cambridge, CB2 2QH, England. >