From: "Geo." 

I'm still not clear, is an API the same thing as printf() would be
considered? Is an API a library function that is part of the language or
just a published entry point for whatever DLL you happen to write?

IOW, I could create a DLL file with an entry point called Geo, but there is
no geo() function in C++ so this would not count as something you would
search thru all source code looking for occurances.

Geo.

"Tony Williams"  wrote in message
news:3dea5279$1{at}w3.nls.net...
> I take a public API to mean any entry point to a library function
> (static, shared, DLL or kernel call) which can be used directly by a
> third party program. I think that's a pretty standard definition.
>
> A private subroutine in a program could be vulnerable in its own right
> or because it uses a public function which has a weakness. By the same
> token, several API functions could be vulnerable because they also use
> the same exploitable API function. That includes third-party DLLs (say)
> which use the API in their own published API.
>
> There are also undocumented API calls which, although accessible to
> third-party programs, aren't officially supported. There was a flap at
> one time about Microsoft using these to give its own apps an unfair
> advantage, but that's a different thread.
>
> --
> Tony
>
> Geo. wrote:
> > Ok I understand somewhat but is a public API the same thing as printf()
or
> > is it more like a subroutine in a program where printf() would be part
of
> > that subroutine?
> >
> > Geo.
> >
> > "Tony Williams"  wrote in message
> > news:3de94098{at}w3.nls.net...
> >
> >>We don't seem to be communicating too well I'll admit. Try this. Given a
> >>known vulnerability in an app it's easy to get a stack trace of where
> >>the program is when the exploit happens. From this you can find out
> >>which, if any, public API function is being exploited. If the exploit
> >>doesn't involve a public API then it's specific to that app.
>

--- BBBS/NT v4.01 Flag-4