The Guarded Memory Move tool is useful for studying
buffer overflows and catching them together with a
"good" stack image. It uses dynamic function call
interception to catch the most common functions that are
used by attackers to exploit stack buffers. It uses the
LD_PRELOAD capability, and, on discovering an exploit,
will produce a core dump with the necessary information
to debug the exploit and fix the software.
