Re: Anyone looked at the canary stack protection in Win2k3?

[Mark Feldman <mkfeldman () myway com>]

In-Reply-To: <000101c34eaa$ecf34a80$0101a8c0@gfserver>

Hi thomas
There is no need for a tool like IDA pro when you've got source code 
available under your Visual C++ 7.0 CRT\SRC directory.
The security check is enabled by adding the /GS option to the compiler's 
command line.

These two links will explain microsoft's stack smashing protection:

http://std.dkuug.dk/JTC1/SC22/WG21/docs/papers/2003/n1462.pdf

http://msdn.microsoft.com/library/default.asp?url=/library/en-
us/dv_vstechart/html/vctchCompilerSecurityChecksInDepth.asp


Regards,
Mark Feldman <mkfeldman () myway com>

> From: "Andrew Thomas" <andrew () generator co za>
> To: <vuln-dev () lists securityfocus com>
> Subject: Anyone looked at the canary stack protection in Win2k3?
> Date: Sun, 20 Jul 2003 12:37:03 +0200
>
> I've looked a bit at a single disassembly that I got 
> (IDA Pro) of the package. It's quite cute that MS have
> started creating a 'fix' to reduce the probability
> of programmatic errors in their code having as great
> an impact as they could.
>
> Any comments on their canary generator? It seems to 
> generate enough randomness, with use of:
> GetSystemTimeAsFileTime
> GetCurrentProcessId
> GetCurrentThreadId
> GetTickCount
> QueryPerformanceCounter
>
> all nicely xor'ed together. But then again, I am not
> an expert in these matters.