A Glance at Stack Protection
In my endeavours to try out different things from the vast field of Computer Science, this time I went ahead with disassembling, aka reverse engineering.
Recently, I'd been working on a pwnable.kr challenge. One interesting find while trying to make sense of the huge ASM code was learning how C programs detect stack manipulation to prevent security breaches (mainly buffer overflow).
In low-level programming, the FS and GS registers are used to access important operating system data. I discovered that on Linux, the FS register, specifically FS:0x28, stores a special value called a stack-guard. This value helps detect if the stack has been tampered with.
From what I understand, this value is known as the '__stack_chk_guard'.
Here's how it works: on function entry, the program saves a copy of the FS:0x28 value on the stack, and before returning it checks that this copy still matches the original FS:0x28 value. A match indicates that the stack hasn't been corrupted by unauthorized changes (you could argue there's a probability ...).
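The check described above, modeled in C as an added example (not code from the challenge or from any compiler): the `frame` struct, `run_frame`, and the address `0x401136` are hypothetical, and the guard is read from FS:0x28 only on x86-64 Linux, with a constructed constant used elsewhere. The instruction sequences in the comments are the typical shape of compiler output, not taken from the post.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Read the guard the way compiler-generated code does on x86-64 Linux. */
static uint64_t read_guard(void) {
#if defined(__x86_64__) && defined(__linux__)
    uint64_t g;
    __asm__ volatile("movq %%fs:0x28, %0" : "=r"(g));
    return g;
#else
    return 0x1122334455667700ULL; /* constructed stand-in elsewhere */
#endif
}

/* Hypothetical model of a protected frame, lowest address first. */
struct frame {
    unsigned char buf[16]; /* local buffer */
    uint64_t canary;       /* copy of FS:0x28 stored by the prologue */
    uint64_t saved_ret;    /* stands in for the saved return address */
};

struct result { int smashed; uint64_t saved_ret; };

/* Copies `len` bytes of 'A' into the frame, then runs the epilogue check. */
struct result run_frame(size_t len) {
    unsigned char input[sizeof(struct frame)];
    struct frame f = { {0}, 0, 0x401136 /* constructed address */ };
    struct result r;

    memset(input, 'A', sizeof input);
    f.canary = read_guard();            /* prologue: mov rax, fs:0x28; mov [rbp-8], rax */
    if (len > sizeof f) len = sizeof f; /* keep the model itself in bounds */
    memcpy(&f, input, len);             /* the bug: len is not limited to sizeof f.buf */

    r.saved_ret = f.saved_ret;
    /* epilogue: stored copy vs. fs:0x28; real code calls __stack_chk_fail on mismatch */
    r.smashed = (f.canary != read_guard());
    return r;
}

int main(void) {
    printf("16 bytes: smashed=%d\n", run_frame(16).smashed);
    printf("24 bytes: smashed=%d\n", run_frame(24).smashed);
    printf("32 bytes: smashed=%d ret=%#llx\n", run_frame(32).smashed,
           (unsigned long long)run_frame(32).saved_ret);
    return 0;
}
```

Because the guard copy sits between the buffer and the saved return address, a linear overflow changes the copy before it reaches the return address, which is why the 24-byte case is already flagged while the return address is still intact.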
Understanding these details not only deepens our understanding of system programming but also highlights the critical role of security measures in software development at all levels.
References:
why-does-this-memory-address-fs0x28-fs0x28-have-a-random-value

Pic : from x64dbg official website