除了 __stack_chk_guard 之外，libc 还在哪些平台上把堆栈 cookie 值存放在别的位置？

时间:2022-10-20 13:57:50

e.g. glibc on Linux/i386 stores the cookie at %gs:0x14. Are there any other platforms on which I need to look somewhere other than the __stack_chk_guard symbol to find the cookie?

例如，Linux/i386 上的 glibc 将 cookie 存储在 %gs:0x14。除了 __stack_chk_guard 符号之外，在其他平台上我是否还需要到别的位置查找 cookie？

(This is the value that gcc -fstack-protector-generated code stores onto the stack in function prologues and checks before return, to defend against stack smashing.)

（这是 gcc -fstack-protector 生成的代码在函数序言中存入堆栈、并在返回前进行检查以防御堆栈溢出破坏（stack smashing）的那个值。）

1 个解决方案

#1



Do a `grep -B1` for the TARGET_THREAD_SSP_OFFSET define in the gcc sources (or do this grep online with Google Code Search: http://www.google.com/codesearch?q=TARGET_THREAD_SSP_OFFSET&exact_package=http%3A%2F%2Fmosync.googlecode.com%2Fsvn&hl=en )

在 gcc 源码中对 TARGET_THREAD_SSP_OFFSET 的定义执行 grep -B1（或者使用 Google Code Search 在线进行同样的 grep：http://www.google.com/codesearch?q=TARGET_THREAD_SSP_OFFSET&exact_package=http%3A%2F%2Fmosync.googlecode.com%2Fsvn&hl=en ）

gcc4/trunk/gcc-4.4.3/gcc/config/sparc/linux.h 
   168: /* sparc glibc provides __stack_chk_guard in [%g7 + 0x14].  */
   169: #define TARGET_THREAD_SSP_OFFSET        0x14

gcc4/trunk/gcc-4.4.3/gcc/config/sparc/linux64.h 
   302:    sparc64 glibc provides it at [%g7 + 0x28].  */
   303: #define TARGET_THREAD_SSP_OFFSET        (TARGET_ARCH64 ? 0x28 : 0x14)

gcc4/trunk/gcc-4.4.3/gcc/config/s390/linux.h 
    98:    s390x glibc provides it at 0x28(tp).  */
    99: #define TARGET_THREAD_SSP_OFFSET        (TARGET_64BIT ? 0x28 : 0x14)

gcc4/trunk/gcc-4.4.3/gcc/config/i386/linux.h 
   214: /* i386 glibc provides __stack_chk_guard in %gs:0x14.  */
   215: #define TARGET_THREAD_SSP_OFFSET        0x14

gcc4/trunk/gcc-4.4.3/gcc/config/rs6000/linux.h 
   121: /* ppc32 glibc provides __stack_chk_guard in -0x7008(2).  */
   122: #define TARGET_THREAD_SSP_OFFSET        -0x7008

gcc4/trunk/gcc-4.4.3/gcc/config/rs6000/linux64.h 
   525:    ppc64 glibc provides it at -0x7010(13).  */
   526: #define TARGET_THREAD_SSP_OFFSET        (TARGET_64BIT ? -0x7010 : -0x7008)

gcc4/trunk/gcc-4.4.3/gcc/config/i386/linux64.h 
   118:    x86_64 glibc provides it in %fs:0x28.  */
   119: #define TARGET_THREAD_SSP_OFFSET        (TARGET_64BIT ? 0x28 : 0x14)

And for glibc: http://www.google.com/codesearch/p?hl=en#xy1xtVWIKOQ/pub/glibc/snapshots/glibc-latest.tar.bz2%7CXP6Z3zoy3dk/glibc-20090518/elf/stackguard-macros.h&q=stack_chk_guard&exact_package=ftp://sources.redhat.com/pub/glibc/snapshots/glibc-latest.tar.bz2&l=8

对于 glibc：http://www.google.com/codesearch/p?hl=en#xy1xtVWIKOQ/pub/glibc/snapshots/glibc-latest.tar.bz2%7CXP6Z3zoy3dk/glibc-20090518/elf/stackguard-macros.h&q=stack_chk_guard&exact_package=ftp://sources.redhat.com/pub/glibc/snapshots/glibc-latest.tar.bz2&l=8

/*
 * STACK_CHK_GUARD: read the calling thread's stack-protector canary, i.e.
 * the value that -fstack-protector prologues copy onto the stack and
 * compare against before returning.
 *
 * On the targets listed explicitly below glibc keeps the canary in the
 * thread control block rather than (only) behind the __stack_chk_guard
 * symbol, so it is fetched with inline asm relative to the thread pointer.
 * The offsets match gcc's TARGET_THREAD_SSP_OFFSET for the same targets.
 *
 * Each branch is a GNU statement expression ({ ... }) yielding a uintptr_t.
 * The asm is not marked volatile and has no memory clobber, so the compiler
 * may reorder or CSE it: this is a plain snapshot of the value, not a
 * synchronisation point.
 *
 * The canary is a per-process secret; reading it like this belongs in
 * diagnostics/tests (glibc's own stack-guard tests use this header), and the
 * value must not be logged or otherwise exposed by production code.
 */
#ifdef __i386__
/* i386: %gs selects the thread-pointer segment; canary at %gs:0x14. */
# define STACK_CHK_GUARD \
  ({ uintptr_t x; asm ("movl %%gs:0x14, %0" : "=r" (x)); x; })
#elif defined __x86_64__
/* x86_64: %fs selects the thread-pointer segment; canary at %fs:0x28. */
# define STACK_CHK_GUARD \
  ({ uintptr_t x; asm ("movq %%fs:0x28, %0" : "=r" (x)); x; })
#elif defined __powerpc64__
/* ppc64: r13 is the thread pointer; -28688 == -0x7010 (gcc rs6000/linux64.h). */
# define STACK_CHK_GUARD \
  ({ uintptr_t x; asm ("ld %0,-28688(13)" : "=r" (x)); x; })
#elif defined __powerpc__
/* ppc32: r2 is the thread pointer; -28680 == -0x7008 (gcc rs6000/linux.h). */
# define STACK_CHK_GUARD \
  ({ uintptr_t x; asm ("lwz %0,-28680(2)" : "=r" (x)); x; })
#elif defined __sparc__ && defined __arch64__
/* sparc64: %g7 is the thread pointer; 64-bit load from [%g7 + 0x28]. */
# define STACK_CHK_GUARD \
  ({ uintptr_t x; asm ("ldx [%%g7+0x28], %0" : "=r" (x)); x; })
#elif defined __sparc__
/* sparc32: %g7 is the thread pointer; 32-bit load from [%g7 + 0x14]. */
# define STACK_CHK_GUARD \
  ({ uintptr_t x; asm ("ld [%%g7+0x14], %0" : "=r" (x)); x; })
#elif defined __s390x__
/* s390x: the 64-bit thread pointer is split across access registers a0
   (high half) and a1 (low half); reassemble it, then load 0x28(tp).  The
   "=a" constraint forces an address register for the scratch/result. */
# define STACK_CHK_GUARD \
  ({ uintptr_t x; asm ("ear %0,%%a0; sllg %0,%0,32; ear %0,%%a1; lg %0,0x28(%0)" : "=a" (x)); x; })
#elif defined __s390__
/* s390 (31-bit): the thread pointer is in access register a0; load 0x14(tp). */
# define STACK_CHK_GUARD \
  ({ uintptr_t x; asm ("ear %0,%%a0; l %0,0x14(%0)" : "=a" (x)); x; })
#elif defined __ia64__
/* IA-64: r13 is the thread pointer; canary is the 8-byte word at r13 - 8. */
# define STACK_CHK_GUARD \
  ({ uintptr_t x; asm ("adds %0 = -8, r13;; ld8 %0 = [%0]" : "=r" (x)); x; })
#else
/* Any other target: glibc exports the canary as the global __stack_chk_guard
   (the same fallback gcc uses when no TARGET_THREAD_SSP_OFFSET is defined). */
extern uintptr_t __stack_chk_guard;
# define STACK_CHK_GUARD __stack_chk_guard
#endif

So, it seems that gcc & glibc always use the same place on the major platforms, accessible via the STACK_CHK_GUARD macro.

因此，在主要平台上 gcc 和 glibc 似乎总是使用相同的位置，可以通过 STACK_CHK_GUARD 宏访问。

#1



Do a `grep -B1` for the TARGET_THREAD_SSP_OFFSET define in the gcc sources (or do this grep online with Google Code Search: http://www.google.com/codesearch?q=TARGET_THREAD_SSP_OFFSET&exact_package=http%3A%2F%2Fmosync.googlecode.com%2Fsvn&hl=en )

在 gcc 源码中对 TARGET_THREAD_SSP_OFFSET 的定义执行 grep -B1（或者使用 Google Code Search 在线进行同样的 grep：http://www.google.com/codesearch?q=TARGET_THREAD_SSP_OFFSET&exact_package=http%3A%2F%2Fmosync.googlecode.com%2Fsvn&hl=en ）

gcc4/trunk/gcc-4.4.3/gcc/config/sparc/linux.h 
   168: /* sparc glibc provides __stack_chk_guard in [%g7 + 0x14].  */
   169: #define TARGET_THREAD_SSP_OFFSET        0x14

gcc4/trunk/gcc-4.4.3/gcc/config/sparc/linux64.h 
   302:    sparc64 glibc provides it at [%g7 + 0x28].  */
   303: #define TARGET_THREAD_SSP_OFFSET        (TARGET_ARCH64 ? 0x28 : 0x14)

gcc4/trunk/gcc-4.4.3/gcc/config/s390/linux.h 
    98:    s390x glibc provides it at 0x28(tp).  */
    99: #define TARGET_THREAD_SSP_OFFSET        (TARGET_64BIT ? 0x28 : 0x14)

gcc4/trunk/gcc-4.4.3/gcc/config/i386/linux.h 
   214: /* i386 glibc provides __stack_chk_guard in %gs:0x14.  */
   215: #define TARGET_THREAD_SSP_OFFSET        0x14

gcc4/trunk/gcc-4.4.3/gcc/config/rs6000/linux.h 
   121: /* ppc32 glibc provides __stack_chk_guard in -0x7008(2).  */
   122: #define TARGET_THREAD_SSP_OFFSET        -0x7008

gcc4/trunk/gcc-4.4.3/gcc/config/rs6000/linux64.h 
   525:    ppc64 glibc provides it at -0x7010(13).  */
   526: #define TARGET_THREAD_SSP_OFFSET        (TARGET_64BIT ? -0x7010 : -0x7008)

gcc4/trunk/gcc-4.4.3/gcc/config/i386/linux64.h 
   118:    x86_64 glibc provides it in %fs:0x28.  */
   119: #define TARGET_THREAD_SSP_OFFSET        (TARGET_64BIT ? 0x28 : 0x14)

And for glibc: http://www.google.com/codesearch/p?hl=en#xy1xtVWIKOQ/pub/glibc/snapshots/glibc-latest.tar.bz2%7CXP6Z3zoy3dk/glibc-20090518/elf/stackguard-macros.h&q=stack_chk_guard&exact_package=ftp://sources.redhat.com/pub/glibc/snapshots/glibc-latest.tar.bz2&l=8

对于 glibc：http://www.google.com/codesearch/p?hl=en#xy1xtVWIKOQ/pub/glibc/snapshots/glibc-latest.tar.bz2%7CXP6Z3zoy3dk/glibc-20090518/elf/stackguard-macros.h&q=stack_chk_guard&exact_package=ftp://sources.redhat.com/pub/glibc/snapshots/glibc-latest.tar.bz2&l=8

/*
 * STACK_CHK_GUARD: read the calling thread's stack-protector canary, i.e.
 * the value that -fstack-protector prologues copy onto the stack and
 * compare against before returning.
 *
 * On the targets listed explicitly below glibc keeps the canary in the
 * thread control block rather than (only) behind the __stack_chk_guard
 * symbol, so it is fetched with inline asm relative to the thread pointer.
 * The offsets match gcc's TARGET_THREAD_SSP_OFFSET for the same targets.
 *
 * Each branch is a GNU statement expression ({ ... }) yielding a uintptr_t.
 * The asm is not marked volatile and has no memory clobber, so the compiler
 * may reorder or CSE it: this is a plain snapshot of the value, not a
 * synchronisation point.
 *
 * The canary is a per-process secret; reading it like this belongs in
 * diagnostics/tests (glibc's own stack-guard tests use this header), and the
 * value must not be logged or otherwise exposed by production code.
 */
#ifdef __i386__
/* i386: %gs selects the thread-pointer segment; canary at %gs:0x14. */
# define STACK_CHK_GUARD \
  ({ uintptr_t x; asm ("movl %%gs:0x14, %0" : "=r" (x)); x; })
#elif defined __x86_64__
/* x86_64: %fs selects the thread-pointer segment; canary at %fs:0x28. */
# define STACK_CHK_GUARD \
  ({ uintptr_t x; asm ("movq %%fs:0x28, %0" : "=r" (x)); x; })
#elif defined __powerpc64__
/* ppc64: r13 is the thread pointer; -28688 == -0x7010 (gcc rs6000/linux64.h). */
# define STACK_CHK_GUARD \
  ({ uintptr_t x; asm ("ld %0,-28688(13)" : "=r" (x)); x; })
#elif defined __powerpc__
/* ppc32: r2 is the thread pointer; -28680 == -0x7008 (gcc rs6000/linux.h). */
# define STACK_CHK_GUARD \
  ({ uintptr_t x; asm ("lwz %0,-28680(2)" : "=r" (x)); x; })
#elif defined __sparc__ && defined __arch64__
/* sparc64: %g7 is the thread pointer; 64-bit load from [%g7 + 0x28]. */
# define STACK_CHK_GUARD \
  ({ uintptr_t x; asm ("ldx [%%g7+0x28], %0" : "=r" (x)); x; })
#elif defined __sparc__
/* sparc32: %g7 is the thread pointer; 32-bit load from [%g7 + 0x14]. */
# define STACK_CHK_GUARD \
  ({ uintptr_t x; asm ("ld [%%g7+0x14], %0" : "=r" (x)); x; })
#elif defined __s390x__
/* s390x: the 64-bit thread pointer is split across access registers a0
   (high half) and a1 (low half); reassemble it, then load 0x28(tp).  The
   "=a" constraint forces an address register for the scratch/result. */
# define STACK_CHK_GUARD \
  ({ uintptr_t x; asm ("ear %0,%%a0; sllg %0,%0,32; ear %0,%%a1; lg %0,0x28(%0)" : "=a" (x)); x; })
#elif defined __s390__
/* s390 (31-bit): the thread pointer is in access register a0; load 0x14(tp). */
# define STACK_CHK_GUARD \
  ({ uintptr_t x; asm ("ear %0,%%a0; l %0,0x14(%0)" : "=a" (x)); x; })
#elif defined __ia64__
/* IA-64: r13 is the thread pointer; canary is the 8-byte word at r13 - 8. */
# define STACK_CHK_GUARD \
  ({ uintptr_t x; asm ("adds %0 = -8, r13;; ld8 %0 = [%0]" : "=r" (x)); x; })
#else
/* Any other target: glibc exports the canary as the global __stack_chk_guard
   (the same fallback gcc uses when no TARGET_THREAD_SSP_OFFSET is defined). */
extern uintptr_t __stack_chk_guard;
# define STACK_CHK_GUARD __stack_chk_guard
#endif

So, it seems that gcc & glibc always use the same place on the major platforms, accessible via the STACK_CHK_GUARD macro.

因此，在主要平台上 gcc 和 glibc 似乎总是使用相同的位置，可以通过 STACK_CHK_GUARD 宏访问。