Software Security
Dept. of Computer Science, Nanjing University

Canary-Based Protection: StackGuard
gcc Stack-Smashing Protector

Compiled with v4.6.1: gcc -fstack-protector -O1 ...

Dump of assembler code for function main:
   0x08048440 <+0>:   push   %ebp
   0x08048441 <+1>:   mov    %esp,%ebp
   0x08048443 <+3>:   sub    $76,%esp
   0x08048446 <+6>:   mov    %gs:20,%eax
   0x0804844c <+12>:  mov    %eax,-4(%ebp)
   0x0804844f <+15>:  xor    %eax,%eax
   0x08048451 <+17>:  mov    12(%ebp),%eax
   0x08048454 <+20>:  mov    4(%eax),%eax
   0x08048457 <+23>:  mov    %eax,4(%esp)
   0x0804845b <+27>:  lea    -68(%ebp),%eax
   0x0804845e <+30>:  mov    %eax,(%esp)
   0x08048461 <+33>:  call   0x8048350 <strcpy@plt>
   0x08048466 <+38>:  mov    -4(%ebp),%edx
   0x08048469 <+41>:  xor    %gs:20,%edx
   0x08048470 <+48>:  je     0x8048477 <main+55>
   0x08048472 <+50>:  call   0x8048340 <__stack_chk_fail@plt>
   0x08048477 <+55>:  leave
   0x08048478 <+56>:  ret

Stack layout (high to low addresses):
   return addr
   caller's ebp
   CANARY
   buf (64 bytes)
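The frame from the listing above, modeled in portable C as an added example (not code from the slides): it stores the canary as the prologue does, writes n bytes starting at buf, then runs the epilogue comparison. The offsets come from the listing (buf at -68(%ebp), canary at -4(%ebp)); the canary value, saved %ebp, return address and all names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Offsets from the start of buf, read off the listing: buf is -68(%ebp),
   the canary -4(%ebp), saved %ebp 0(%ebp), the return address 4(%ebp). */
enum { BUF_LEN = 64, CANARY_OFF = 64, EBP_OFF = 68, RET_OFF = 72, FRAME_LEN = 76 };
enum { FRAME_OK = 0, CANARY_SMASHED = 1 };

struct result { int verdict; int ret_changed; };

/* Models one call of the protected main(): n is the number of bytes the
   unbounded copy writes starting at buf. All values here are constructed. */
struct result run_frame(const unsigned char *input, size_t n, uint32_t canary)
{
    unsigned char frame[FRAME_LEN];
    const uint32_t saved_ebp = 0xbffff6a8u, ret_addr = 0x080484a0u;
    uint32_t check, ret_now;
    struct result r;

    memcpy(frame + CANARY_OFF, &canary, 4);  /* mov %gs:20,%eax; mov %eax,-4(%ebp) */
    memcpy(frame + EBP_OFF, &saved_ebp, 4);
    memcpy(frame + RET_OFF, &ret_addr, 4);

    if (n > FRAME_LEN) n = FRAME_LEN;  /* clamp so the model itself stays in bounds */
    memcpy(frame, input, n);           /* stands in for call strcpy@plt */

    memcpy(&check, frame + CANARY_OFF, 4);   /* mov -4(%ebp),%edx */
    memcpy(&ret_now, frame + RET_OFF, 4);
    r.verdict = (check ^ canary) ? CANARY_SMASHED : FRAME_OK;  /* xor %gs:20,%edx; je */
    r.ret_changed = (ret_now != ret_addr);
    return r;
}

int main(void)
{
    static const size_t lens[] = { 64, 65, 72, 76 };
    unsigned char in[FRAME_LEN];
    size_t i;

    memset(in, 'A', sizeof in);
    for (i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        struct result r = run_frame(in, lens[i], 0x2f8a1c00u);
        printf("%2zu bytes: %s, return address %s\n", lens[i],
               r.verdict ? "__stack_chk_fail" : "leave; ret",
               r.ret_changed ? "overwritten" : "intact");
    }
    return 0;
}
```

Because the canary sits between buf and the saved %ebp, a linear write from buf cannot reach the return address without first changing the word the epilogue compares.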