Mar 10, 2008

ICC stack-security-check

Recently I've been playing with the Intel C++/C Compiler. Code produced by the compiler is reportedly better optimized than GCC's. I'd say it's overrated and only gives a perceived speed increase for common use.

I noticed that by default it produces AT&T assembly instead of Intel. Anyway, I'm more interested in its security feature.

$ icc -help
...
-fstack-security-check
enable overflow security checks
...
A sample C program I used.
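#include <string.h>

int
main(int argc, char *argv[]) {
    char buffer[256];
    /* deliberately unbounded copy: an argv[1] longer than 255 bytes overruns buffer */
    strcpy(buffer, argv[1]);
    return 0;
}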
This is the vanilla assembly output of the program above.
push   ebp
mov ebp,esp
sub esp,0x3
and esp,0xfffffff8
add esp,0x4
sub esp,0x108
add esp,0x0
lea eax,[ebp-0x100]
mov DWORD PTR [esp],eax
mov eax,DWORD PTR [ebp+0xc]
mov eax,DWORD PTR [eax+0x4]
mov DWORD PTR [esp+0x4],eax
call 804ddd0 <strcpy>
add esp,0x8
xor eax,eax
leave
ret
Looking at the produced assembly output of -fstack-security-check, it looks very similar to Stack Smashing Protector (SSP).
[chunk 1]
< sub esp,0x108
---
> sub esp,0x10c
> mov eax,__intel_security_cookie
> mov eax,DWORD PTR [ebp-0x4]
[chunk 2]
< lea eax,[ebp-0x100]
---
> lea eax,[ebp-0x104]
[chunk 3]
> mov eax,DWORD PTR [ebp-0x4]
> call __intel_security_check_cookie
__intel_security_cookie is a 32-bit canary loaded from the data segment, e.g. ds:0x080bc00c. Just like SSP, the generated code checks the canary before returning.
$ ./dumbsoft `ruby -e 'puts "B"*512'`
Error: Buffer overrun occurred, forced exit
Aborted
In case you didn't know, GCC has similar features.
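The prologue/epilogue pair from the diff above, modelled in portable C as an added example (not code from the original post and not ICC's own runtime). The frame struct, the cookie value and the return address are constructed stand-ins, and the copy is clamped to the struct so the model itself never writes out of bounds.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for __intel_security_cookie (constructed value). */
static const uint32_t security_cookie = 0x5bd1e995u;
#define MODEL_RET 0x08048000u   /* constructed return address */

/* Frame layout from the listing: buffer at ebp-0x104, cookie at ebp-0x4. */
struct frame {
    char     buffer[256];
    uint32_t cookie;
    uint32_t saved_ebp;
    uint32_t saved_ret;
};

/* Returns 1 when the epilogue check would abort, 0 when the cookie is intact.
 * *ret_out receives the modelled return address after the copy. */
int copy_with_cookie_check(const char *src, uint32_t *ret_out)
{
    struct frame f;
    size_t n = strlen(src) + 1;     /* strcpy also copies the NUL */

    f.cookie = security_cookie;     /* prologue: store cookie below saved ebp */
    f.saved_ebp = 0;
    f.saved_ret = MODEL_RET;

    if (n > sizeof f)               /* stay inside the model: no real overflow */
        n = sizeof f;
    memcpy(&f, src, n);             /* bytes past buffer[255] hit the cookie first */

    *ret_out = f.saved_ret;
    return f.cookie != security_cookie;   /* epilogue: compare before ret */
}

int main(int argc, char *argv[])
{
    uint32_t ret;
    int hit = copy_with_cookie_check(argc > 1 ? argv[1] : "", &ret);

    printf("cookie %s, return address 0x%08lx\n",
           hit ? "clobbered (real check aborts here)" : "intact",
           (unsigned long)ret);
    return hit;
}
```

A 256-character argument already trips the check, because the terminating NUL that strcpy writes lands on the first byte of the cookie.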
