stepping over longjmp

Daniel Jacobowitz drow@false.org
Sat Aug 5 14:07:00 GMT 2006


On Sat, Aug 05, 2006 at 02:39:58PM +0200, Mark Kettenis wrote:
> Unfortunately Ulrich's argument doesn't hold for GDB.  But if we can
> get at the "cookie" that's used to encrypt the address, it should be
> possible to undo the encryption.  Looks like the cookie is somewhere
> in thread local storage.  I'll see if I can come up with a way to
> access it.

It varies from platform to platform.  There are actually two cookies (one
for "pointers" and one for the GCC stack protection), and while the
stack protection pointer is an ABI, the pointer protection cookie is
considered glibc internal and might move around.  And what's protected
with it also varies from architecture to architecture, and version to
version.

I'm hoping that you can make an educated guess about where to find it
anyway :-)  Alternatively, maybe they'd be open to a debugging
interface.

-- 
Daniel Jacobowitz
CodeSourcery
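As an added illustration of the pointer protection the thread is discussing (this is example code, not code from the thread, from GDB or from glibc): the scheme assumed below is the x86-64 Linux glibc one, where a saved PC/SP/FP is XORed with a per-process guard kept in the TCB at %fs:0x30 and then rotated left by 17 bits, and the saved PC sits in slot 7 of the jmp_buf; the guard and pointer values in main are constructed for the demo, and the live jmp_buf check only compiles on x86-64 Linux.

```c
#include <setjmp.h>
#include <stdint.h>
#include <stdio.h>

/* Example, not glibc's own code: the XOR-then-rotate transform is the
 * x86-64 glibc PTR_MANGLE sequence. Other architectures and glibc versions
 * use different rotates, different TLS slots and protect different
 * registers, which is why a debugger cannot hard-code a single layout. */

static uint64_t rol64(uint64_t v, unsigned n) { return (v << n) | (v >> (64 - n)); }
static uint64_t ror64(uint64_t v, unsigned n) { return (v >> n) | (v << (64 - n)); }

/* PTR_MANGLE: the form in which setjmp stores PC, SP and FP in the jmp_buf. */
uint64_t ptr_mangle(uint64_t ptr, uint64_t guard) { return rol64(ptr ^ guard, 17); }

/* PTR_DEMANGLE: what a debugger must compute once it has located the guard. */
uint64_t ptr_demangle(uint64_t stored, uint64_t guard) { return ror64(stored, 17) ^ guard; }

#if defined(__x86_64__) && defined(__linux__)
/* On x86-64 Linux glibc the pointer guard lives in the TCB at %fs:0x30.
 * A debugger reads the same slot out of the inferior's TLS block; the
 * offset is glibc-internal, which is what "might move around" means. */
static uint64_t read_pointer_guard(void) {
    uint64_t g;
    __asm__("movq %%fs:0x30, %0" : "=r"(g));
    return g;
}
#endif

int main(void) {
    /* Constructed values: a fake guard and a fake saved PC. */
    const uint64_t guard = 0x5e3a9c1d7f02b468ULL, pc = 0x401136ULL;
    uint64_t stored = ptr_mangle(pc, guard);
    printf("saved PC 0x%llx is stored as 0x%llx\n", (unsigned long long)pc, (unsigned long long)stored);
    printf("demangled with the right guard: 0x%llx; with a wrong guess: 0x%llx\n",
           (unsigned long long)ptr_demangle(stored, guard),
           (unsigned long long)ptr_demangle(stored, guard ^ 1));
#if defined(__x86_64__) && defined(__linux__)
    /* Live check: decode the PC slot (index 7 of __jmpbuf) of a real jmp_buf. */
    jmp_buf env;
    if (setjmp(env) == 0) {
        uint64_t raw = ((uint64_t *)env)[7];
        uint64_t real = ptr_demangle(raw, read_pointer_guard());
        printf("jmp_buf PC slot raw 0x%llx -> 0x%llx (main is at %p)\n",
               (unsigned long long)raw, (unsigned long long)real, (void *)main);
    }
#endif
    return 0;
}
```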
