例如,Linux/i386 上的 glibc 将 cookie 存储在 %gs:0x14。除了 __stack_chk_guard 符号之外,我还需要在其他平台上寻找 cookie 吗?
(这是 gcc -fstack-protector 生成的代码在函数序言中存储到堆栈中、并在返回之前检查以防止堆栈粉碎的那个值)。
例如,Linux/i386 上的 glibc 将 cookie 存储在 %gs:0x14。除了 __stack_chk_guard 符号之外,我还需要在其他平台上寻找 cookie 吗?
(这是 gcc -fstack-protector 生成的代码在函数序言中存储到堆栈中、并在返回之前检查以防止堆栈粉碎的那个值)。
在 gcc 源中对 TARGET_THREAD_SSP_OFFSET 的定义执行 grep -B1 (或使用 google codesearch http://www.google.com/codesearch?q=TARGET_THREAD_SSP_OFFSET&exact_package=http%3A%2F%2Fmosync.googlecode.com%2Fsvn&hl=en 在线进行此 grep):
gcc4/trunk/gcc-4.4.3/gcc/config/sparc/linux.h
168: /* sparc glibc provides __stack_chk_guard in [%g7 + 0x14]. */
169: #define TARGET_THREAD_SSP_OFFSET 0x14
gcc4/trunk/gcc-4.4.3/gcc/config/sparc/linux64.h
302: sparc64 glibc provides it at [%g7 + 0x28]. */
303: #define TARGET_THREAD_SSP_OFFSET (TARGET_ARCH64 ? 0x28 : 0x14)
gcc4/trunk/gcc-4.4.3/gcc/config/s390/linux.h
98: s390x glibc provides it at 0x28(tp). */
99: #define TARGET_THREAD_SSP_OFFSET (TARGET_64BIT ? 0x28 : 0x14)
gcc4/trunk/gcc-4.4.3/gcc/config/i386/linux.h
214: /* i386 glibc provides __stack_chk_guard in %gs:0x14. */
215: #define TARGET_THREAD_SSP_OFFSET 0x14
gcc4/trunk/gcc-4.4.3/gcc/config/rs6000/linux.h
121: /* ppc32 glibc provides __stack_chk_guard in -0x7008(2). */
122: #define TARGET_THREAD_SSP_OFFSET -0x7008
gcc4/trunk/gcc-4.4.3/gcc/config/rs6000/linux64.h
525: ppc64 glibc provides it at -0x7010(13). */
526: #define TARGET_THREAD_SSP_OFFSET (TARGET_64BIT ? -0x7010 : -0x7008)
gcc4/trunk/gcc-4.4.3/gcc/config/i386/linux64.h
118: x86_64 glibc provides it in %fs:0x28. */
119: #define TARGET_THREAD_SSP_OFFSET (TARGET_64BIT ? 0x28 : 0x14)
/*
 * STACK_CHK_GUARD: read the current stack-protector canary, i.e. the value
 * gcc -fstack-protector stores into each protected frame in the prologue
 * and compares before returning.  Every branch fetches it exactly the way
 * gcc's own prologue does: from the glibc TLS slot at that target's
 * TARGET_THREAD_SSP_OFFSET (see the grep output above), addressed relative
 * to the thread pointer.  It is therefore the thread's reference copy of
 * the guard, not the copy saved in some frame.
 *
 * Each branch is a GNU statement expression ({ ... }) wrapping an inline
 * asm; both are GCC/Clang extensions, and the bare `asm` keyword is not
 * available under a strict -std=cNN build (spell it __asm__ there).
 * uintptr_t comes from <stdint.h>, which must be included before this block.
 *
 * Order matters in the chain: the 64-bit tests (__powerpc64__, __sparc__ &&
 * __arch64__, __s390x__) must precede their 32-bit counterparts, because the
 * 32-bit macro is defined on the 64-bit targets as well.
 *
 * The canary is a per-process secret: reading it for diagnostics is fine,
 * but writing it to logs or any channel an attacker can observe defeats
 * the protector.
 */
#ifdef __i386__
/* i386: %gs selects the TLS block; guard at %gs:0x14 (TARGET_THREAD_SSP_OFFSET 0x14). */
# define STACK_CHK_GUARD \
({ uintptr_t x; asm ("movl %%gs:0x14, %0" : "=r" (x)); x; })
#elif defined __x86_64__
/* x86_64: %fs selects the TLS block; guard at %fs:0x28. */
# define STACK_CHK_GUARD \
({ uintptr_t x; asm ("movq %%fs:0x28, %0" : "=r" (x)); x; })
#elif defined __powerpc64__
/* ppc64: r13 is the thread pointer; -28688 is -0x7010 in decimal. */
# define STACK_CHK_GUARD \
({ uintptr_t x; asm ("ld %0,-28688(13)" : "=r" (x)); x; })
#elif defined __powerpc__
/* ppc32: r2 is the thread pointer; -28680 is -0x7008 in decimal. */
# define STACK_CHK_GUARD \
({ uintptr_t x; asm ("lwz %0,-28680(2)" : "=r" (x)); x; })
#elif defined __sparc__ && defined __arch64__
/* sparc64: %g7 is the thread pointer; 64-bit load (ldx) from [%g7 + 0x28]. */
# define STACK_CHK_GUARD \
({ uintptr_t x; asm ("ldx [%%g7+0x28], %0" : "=r" (x)); x; })
#elif defined __sparc__
/* sparc32: %g7 is the thread pointer; 32-bit load from [%g7 + 0x14]. */
# define STACK_CHK_GUARD \
({ uintptr_t x; asm ("ld [%%g7+0x14], %0" : "=r" (x)); x; })
#elif defined __s390x__
/* s390x: there is no thread-pointer GPR.  The two `ear` instructions copy
   access registers a0 (high half) and a1 (low half) into %0, the shift joins
   them into the 64-bit thread pointer, and lg then loads the guard at 0x28(tp).
   The "=a" constraint requests an address register (any GPR but r0) because
   %0 is used as the base of the final load. */
# define STACK_CHK_GUARD \
({ uintptr_t x; asm ("ear %0,%%a0; sllg %0,%0,32; ear %0,%%a1; lg %0,0x28(%0)" : "=a" (x)); x; })
#elif defined __s390__
/* s390 (31-bit): the thread pointer fits in a0 alone; guard at 0x14(tp). */
# define STACK_CHK_GUARD \
({ uintptr_t x; asm ("ear %0,%%a0; l %0,0x14(%0)" : "=a" (x)); x; })
#elif defined __ia64__
/* ia64: r13 is the thread pointer; `adds` forms r13 - 8 and ld8 loads the
   guard from there.  This matches gcc's ia64 TARGET_THREAD_SSP_OFFSET of -8,
   which is not among the grep lines shown above. */
# define STACK_CHK_GUARD \
({ uintptr_t x; asm ("adds %0 = -8, r13;; ld8 %0 = [%0]" : "=r" (x)); x; })
#else
/* Any other target: fall back to the global symbol.  NOTE(review): glibc only
   exports __stack_chk_guard as a linkable symbol on targets whose guard is
   not kept in TLS; on a target missing from the chain above that does use
   TLS this declaration will fail to link or, worse, resolve to a different
   library's symbol -- confirm before relying on this branch. */
extern uintptr_t __stack_chk_guard;
# define STACK_CHK_GUARD __stack_chk_guard
#endif
因此,对于主要平台,gcc 和 glibc 似乎总是使用相同的位置,可通过上面的 STACK_CHK_GUARD 宏访问。