2

According to this paper on defeating StackGuard, it seems canaries are placed lower in the stack (higher address) than EBP, allowing the attacker to overwrite EBP without being noticed. But when I look at more recent code, it seems the canary is placed just after (lower address) EBP, therefore protecting it. Am I misunderstanding?

nobody
hehehe

1 Answer

1

That paper is from 2002, which predates the implementation of stack buffer overflow protection in GCC and Microsoft compilers. The state of stack buffer protection has changed massively since then, and very little in that paper is likely to remain relevant on x86_32 or x86_64 binaries compiled in recent years.

Polynomial
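The two frame layouts described in the question can be compared with a small byte-array model. This is an added example, not code from the question, the answer, or the paper. The slot order, the `ebp_corrupted_undetected` helper, and the canary and saved-EBP values are constructed for illustration and are not taken from any compiler.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_LEN   16          /* local buffer size in the modelled frame */
#define WORD      4           /* 32-bit slots, as on x86_32 */
#define CANARY    0x000aff0dU /* constructed canary value */
#define SAVED_EBP 0xbffff6a8U /* constructed saved frame pointer */

/* Slot order from low to high address, after the local buffer. */
enum layout {
    CANARY_ABOVE_EBP, /* buf | EBP | canary | ret: the layout the paper discusses */
    CANARY_BELOW_EBP  /* buf | canary | EBP | ret: the layout seen in recent code */
};

static uint32_t get32(const uint8_t *p) { uint32_t v; memcpy(&v, p, WORD); return v; }
static void put32(uint8_t *p, uint32_t v) { memcpy(p, &v, WORD); }

/* Model a linear write of n bytes from the start of the buffer toward higher
 * addresses. Returns 1 if saved EBP changed while the canary check the
 * epilogue would perform still passes, 0 otherwise. */
int ebp_corrupted_undetected(enum layout l, size_t n)
{
    uint8_t mem[BUF_LEN + 3 * WORD] = {0};   /* index 0 = lowest address */
    size_t ebp_off    = (l == CANARY_ABOVE_EBP) ? BUF_LEN : BUF_LEN + WORD;
    size_t canary_off = (l == CANARY_ABOVE_EBP) ? BUF_LEN + WORD : BUF_LEN;

    put32(mem + canary_off, CANARY);
    put32(mem + ebp_off, SAVED_EBP);
    if (n > sizeof mem) n = sizeof mem;      /* stay inside the model */
    memset(mem, 'A', n);

    return get32(mem + canary_off) == CANARY && get32(mem + ebp_off) != SAVED_EBP;
}

int main(void)
{
    for (size_t n = BUF_LEN; n <= BUF_LEN + 2 * WORD; n += WORD)
        printf("write=%2zu  above=%d  below=%d\n", n,
               ebp_corrupted_undetected(CANARY_ABOVE_EBP, n),
               ebp_corrupted_undetected(CANARY_BELOW_EBP, n));
    return 0;
}
```

With the canary below saved EBP, no linear write from the buffer reaches EBP without first changing the canary, so the function returns 0 for every length.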