__security_init_cookie
Initializes the global security cookie.
Syntax
void __security_init_cookie(void);
Remarks
The global security cookie is used for buffer overrun protection in code compiled with /GS (Buffer Security Check) and in code that uses exception handling. On entry to an overrun-protected function, the cookie is put on the stack, and on exit, the value on the stack is compared with the global cookie. Any difference between them indicates that a buffer overrun has occurred and causes immediate termination of the program.
Normally, __security_init_cookie
is called by the CRT when it's initialized. If you bypass CRT initialization—for example, if you use /ENTRY
to specify an entry-point—then you must call __security_init_cookie
yourself. If __security_init_cookie
isn't called, the global security cookie is set to a default value, and buffer overrun protection is compromised. Because an attacker can exploit this default cookie value to defeat the buffer overrun checks, we recommend that you always call __security_init_cookie
when you define your own entry point.
The call to __security_init_cookie
must be made before any overrun-protected function is entered; otherwise a spurious buffer overrun will be detected. For more information, see C Runtime Error R6035.
Example
See the examples in C Runtime Error R6035.
Requirements
Routine | Required header |
---|---|
__security_init_cookie |
<process.h> |
__security_init_cookie
is a Microsoft extension to the standard C Runtime Library. For compatibility information, see Compatibility.
See also
Phản hồi
https://aka.ms/ContentUserFeedback.
Sắp ra mắt: Trong năm 2024, chúng tôi sẽ dần gỡ bỏ Sự cố với GitHub dưới dạng cơ chế phản hồi cho nội dung và thay thế bằng hệ thống phản hồi mới. Để biết thêm thông tin, hãy xem:Gửi và xem ý kiến phản hồi dành cho