samedi 20 août 2011 15:05
Is the GSFunctionOptimizeCheck within BinScope an optional check, or is it considered a requirement of SDL?
While running BinScope, I'm getting GSFunctionOptimizeCheck failure on just a few odd functions and methods. Optimizations are enabled and there doesn't seem to be anything special about the functions that would cause /GS to fail for them, except perhaps for some inlining going on. The functions are typically very short.
Toutes les réponses
mardi 13 septembre 2011 22:03I'm guessing it could actually be your inlining...Teams I work with have been finding the MSDN documentation for GS (http://msdn.microsoft.com/en-us/library/8dbf701c.aspx) to be more useful as a reference than the documentation that Binscope currently provides to explain GSFunctionOptimizeCheck. The following section in particular:The compiler does not provide security protection for vulnerable parameters in the following situations:
- Functions that do not contain a buffer.
- If optimizations (/O Options (Optimize Code)) are not enabled.
- Functions with a variable argument list (...).
- Functions marked with naked (C++).
- Functions containing inline assembly code in the first statement.
- If a parameter is used only in ways that are less likely to be exploitable in the event of a buffer overrun.