CookieCrumbler

This is the support material for the paper "Smashing the Stack Protector for Fun and Profit".

CookieCrumbler is a program that allows to measure various characteristics of current Stack Protector implementations.
The program measures address distances of all possible user-controllable types of memory.
Additionally, it determines the amount of bytes behind the memory location that are writable in a contiguously manner.
This information allows us to determine if an attacker can bypass the Stack Protector.

Slides

Download

Paper

Download

Source Code

Download
Compatible with various UNIX variants and Windows.


Results


Measurement Data

Operating SystemArchitectureC Standard LibraryData
All Data - -Download
Android 7.0 ARM BionicDownload
Android 7.0 x86_64 BionicDownload
macOS 10.12.1 x86_64 libSystem.dylibDownload
FreeBSD 11.00 x86_64 libc.so.7Download
OpenBSD 6.0 x86_64 libc.so.88.0Download
Windows 10 x86 msvcr1400.dllDownload
Windows 10 x86_64 msvcr1400.dllDownload
Windows 7 x86 msvcr1400.dllDownload
Windows 7 x86_64 msvcr1400.dllDownload
Arch Linux x86_64 libc-2.26.soDownload
Debian Jessie x86 libc-2.19.soDownload
Debian Jessie ARM libc-2.19.soDownload
Debian Jessie PowerPC libc-2.19.soDownload
Debian Jessie s390x libc-2.19.soDownload
Debian Stretch x86_64 dietlibc 0.33Download
Debian Stretch x86_64 musl-libc 1.1.16Download
Ubuntu 14.04 LTS x86_64 EGLIBC 2.15Download