What is "__sequrity_cookie" & "__sequrity

[Nomad]

Hi!

When I use following code:

zipFile.resolveFile(&imageFile, pBuffer)

where pBuffer: WCHAR pBuffer[100];

I get "Unresolved external symbol" linker error with subject symbols (__sequrity_cookie & __sequrity_check_cookie)

Is that means that I can't pass to resolveFile() non constant buffer?

[Nomad]

Strange, but when I changed static buffer to dynamic ( WCHAR* pBuffer = new WCHAR[100]; ) code was linked normally without error.

Can somebody explain why I can't use static buffer in Pocket PC version? This is not critical but just interasting.

[Matias]

About what PocketPC version are you talking about, 2002, 2003, 2005? Compiling for emulator or for the pocket pc?

I cannot reproduce your error. Can you post the entire code, please?

Where is declared the variable, where is initialized, where you call the resolveFile method, etc

[Nomad]

In Visual Studio 2005 I've created smart device project for Pocket PC 2003.
Linking using lib in folder "VS2005 - PPC 2003"

following code is enough to make this error

Code: Select all

1  2  3  4  5  6  7  8  9  10	File     imageFile; HRESULT  returnCode; WCHAR    pBuffer[100]; for( DWORD i=0; i<Number; i++ ) {     swprintf( pBuffer, "%d.png", i+1 );     zipFile.resolveFile(&imageFile, pBuffer);     pSurfaces[ i ].create( &imageFile ); }
	10 lines; 1 keywds; 3 nums; 34 ops; 1 strs; 0 coms    Syntactic Coloring v0.4 - Dan East

In XP project this error message is not occured and all linked ok.

[Nomad]

Ha!

I've search in MSDN and found an interasting article "Compiler Security Checks In Depth".

It said that in VS.net when compiling with /GS compile-time flag, compiler use special mechanism to avoid buffer-overrun, to make hacker attacks using this method impossible.

But, probably, in mine situation there was some problems in linking this mechanism due to some linker setings. When I write in compiler setting /GS-, this error message disappears.

Interasting thing, that I couldn't find /GS flag in compiler settings, so I think it is used by compiler by default in all projects. Anyway explicintly set /GS- resolves this situation.

[Matias]

That´s right, you find it first ,

The buffer security check works using a cookie for any function that access local variables by reference. The __secutiry_check_cookie is a function that its added by the compiler before the return of this function anytime this situation appear.

The error link appears because, in order to use this secutiry check, you must first initialize the cookie by calling some function we are not using in our InitApplication (We are not using the Secutiry Buffer Check in GledPlay) and I guess it is not added in the Visual Studio's "Create smart device project for Pocket PC 2003"

Also, as you say, the compiler is using by default this check activated for PPC, and that´s why the error appears in PPC and not in PC.

If you like the subject, The Secutiry Buffer Check is described in this book; "Reversing: Secrets of Reverse Engineering" written by Eldad Eilam. Maybe you find it interesting.

Best Regards