BinScope 2014 reports DefaultGSCookieCheck failure against VC2008 compiled DLL

  • Question

  • The result of running BinScope 2014 against our C/C++ DLL built with Visual Studio 2008 is:

    DefaultGSCookieCheck (FAIL)
    <dll-name> is a C or C++ binary which interferes with the stack protector. The stack protector (/GS) is a security feature of the compiler which makes it more difficult to exploit stack buffer overflow memory corruption vulnerabilities. The stack protector relies on a random number, called the "security cookie", to detect these buffer overflows. This "cookie" is statically linked with your binary from a Visual C++ library in the form of the symbol __security_cookie. On recent Windows versions, the loader looks for the magic statically linked value of this cookie, and initializes the cookie with a far better source of entropy -- the system's secure random number generator -- rather than the limited random number generator available early in the C runtime startup code. When this symbol is not the default value, the additional entropy is not injected by the operating system, reducing the effectiveness of the stack protector. To resolve this issue, ensure that your code does not reference or create a symbol named __security_cookie or __security_cookie_complement.

    I've been unable to find any documentation which details this any further or states the means to resolve it (even in the BinScope 2014 user guide). Perhaps it is not possible to resolve without upgrading to later than VS2008, but I would like a definitive answer to that.

    It's the nature of BinScope 2014's DefaultGSCookieCheck complaint that I'm trying to address. I understand the purpose and approach behind the /GS option, but this new issue has come up since the original version of BinScope (prior to the 2014 version) and there are no clear instructions as to how one might change the toolchain to address it, or even if it is possible with VS2008.

    Thanks,

    Mark

    Monday, February 1, 2016 5:20 PM
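
The BinScope message quoted in the question describes the loader recognizing a default `__security_cookie` value in the image. The following added example (not from this thread, and not BinScope's own logic) reads the cookie a PE file's load configuration directory points to and compares its on-disk value with the default constants used by the Visual C++ runtime. It assumes the cookie lives in file-backed data and is meant only as a way to inspect what a build actually produced.

```python
import struct
import sys

# Default __security_cookie values compiled in by the Visual C++ runtime,
# keyed by optional-header magic (0x10B = PE32, 0x20B = PE32+).
DEFAULT_COOKIE = {0x10B: 0xBB40E64E, 0x20B: 0x00002B992DDFA232}

def rva_to_offset(sections, rva):
    """Map an RVA to a file offset; only file-backed bytes are accepted."""
    for vaddr, raw_size, raw_ptr in sections:
        if vaddr <= rva < vaddr + raw_size:
            return raw_ptr + (rva - vaddr)
    raise ValueError(f"RVA {rva:#x} is not backed by file data")

def read_gs_cookie(data):
    """Return (on-disk cookie value, default for this image type)."""
    if data[:2] != b"MZ":
        raise ValueError("not a PE image")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsect, = struct.unpack_from("<H", data, pe + 6)
    opt_size, = struct.unpack_from("<H", data, pe + 20)
    opt = pe + 24
    magic, = struct.unpack_from("<H", data, opt)
    if magic not in DEFAULT_COOKIE:
        raise ValueError("unknown optional header magic")
    pe32 = magic == 0x10B
    ptr = "<I" if pe32 else "<Q"
    image_base, = struct.unpack_from(ptr, data, opt + (28 if pe32 else 24))
    # Data directory entry 10 is the load configuration directory.
    lc_rva, _ = struct.unpack_from("<II", data, opt + (96 if pe32 else 112) + 80)
    if lc_rva == 0:
        raise ValueError("no load configuration directory")
    sections = []
    for i in range(nsect):
        entry = opt + opt_size + 40 * i  # section headers follow the optional header
        sections.append(struct.unpack_from("<III", data, entry + 12))
    lc = rva_to_offset(sections, lc_rva)
    field = 60 if pe32 else 88  # offset of SecurityCookie in the structure
    lc_len, = struct.unpack_from("<I", data, lc)
    if lc_len < field + struct.calcsize(ptr):
        raise ValueError("load config is too short to hold SecurityCookie")
    cookie_va, = struct.unpack_from(ptr, data, lc + field)
    cookie, = struct.unpack_from(ptr, data, rva_to_offset(sections, cookie_va - image_base))
    return cookie, DEFAULT_COOKIE[magic]

if __name__ == "__main__":
    value, default = read_gs_cookie(open(sys.argv[1], "rb").read())
    print(f"cookie={value:#x} default={default:#x} match={value == default}")
```

Run it with the DLL path as the only argument; a `match=False` result means the image does not carry the default cookie value on disk.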

All replies

  • Hi There,

    I would appreciate it if anyone could provide any answer to this particular query. It's been over 12 weeks and no one from MS has even commented.

    Cheers,

    Abhay

    Thursday, May 19, 2016 9:08 AM
  • I am also facing the same problem. Can someone help me to resolve this?

    Wednesday, May 25, 2016 8:28 AM