Mitigations detection

May 10, 2014

Since the Smashing The Stack For Fun And Profit article from Aleph1, a lot has been done on the mitigation side: canaries, DEP/W^X, PIC (to allow ASLR), RELRO, SafeSEH, …

Because radare2 is also designed to be present in the exploit writer's arsenal, jvoisin implemented detection for some of those mitigations.

GNU/Linux

  • GCC’s canary implementation can be detected by the presence of the __stack_chk_fail function. It is called, in case of stack overflow, to terminate execution when a function's canary check fails.
  • PIE can be detected by the presence of section headers of type dynamic.

Unfortunately, radare2 is not able to detect RELRO and NX for now.
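To make the two GNU/Linux heuristics concrete, here is an added Python example (not radare2's own code) that applies them to a constructed, minimal ELF64 image: it walks the section headers, reads the dynamic symbol table through its sh_link string table, and reports whether __stack_chk_fail is referenced and whether a SHT_DYNAMIC section exists. It also reports e_type == ET_DYN, which is the signal a practitioner should prefer for PIE, since any dynamically linked executable carries a dynamic section; the sample ELF and its field layout are assumptions of this example, not anything radare2 produces.

```python
import struct

SHT_STRTAB, SHT_DYNAMIC, SHT_DYNSYM = 3, 6, 11
SHDR = "<IIQQQQIIQQ"  # Elf64_Shdr: name, type, flags, addr, offset, size, link, info, align, entsize

def elf_mitigations(data: bytes) -> dict:
    """Apply the post's two heuristics to a little-endian ELF64 image held in memory."""
    if data[:4] != b"\x7fELF" or data[4] != 2:
        raise ValueError("little-endian ELF64 expected")
    e_type = struct.unpack_from("<H", data, 0x10)[0]
    shoff = struct.unpack_from("<Q", data, 0x28)[0]
    shentsize, shnum = struct.unpack_from("<HH", data, 0x3A)
    secs = [struct.unpack_from(SHDR, data, shoff + i * shentsize) for i in range(shnum)]
    canary = False
    for _, typ, _, _, off, size, link, _, _, entsize in secs:
        if typ != SHT_DYNSYM:
            continue
        strtab = secs[link]  # sh_link of .dynsym points at .dynstr
        names = data[strtab[4]:strtab[4] + strtab[5]]
        for j in range(0, size, entsize or 24):
            st_name = struct.unpack_from("<I", data, off + j)[0]  # first field of Elf64_Sym
            if names[st_name:names.index(b"\0", st_name)] == b"__stack_chk_fail":
                canary = True  # GCC calls this on every canary-check failure path
    return {
        "canary": canary,
        "pie_heuristic": any(s[1] == SHT_DYNAMIC for s in secs),  # heuristic as stated in the post
        "et_dyn": e_type == 3,  # ET_DYN: more reliable, since any dynamically linked exe has .dynamic
    }

def build_sample_elf(canary: bool, pie: bool) -> bytes:
    """Constructed, non-runnable ELF64 containing only the pieces the heuristics inspect."""
    dynstr = b"\0" + (b"__stack_chk_fail\0" if canary else b"puts\0")
    dynsym = b"\0" * 24 + struct.pack("<IBBHQQ", 1, 0x12, 0, 0, 0, 0)  # st_name=1, undefined func
    dynamic = struct.pack("<qQ", 0, 0)  # one DT_NULL entry
    layout = [(SHT_STRTAB, dynstr, 0, 0), (SHT_DYNSYM, dynsym, 1, 24)]
    if pie:
        layout.append((SHT_DYNAMIC, dynamic, 1, 16))
    headers, body = [struct.pack(SHDR, *([0] * 10))], b""
    for typ, blob, link, entsize in layout:
        headers.append(struct.pack(SHDR, 0, typ, 0, 0, 64 + len(body), len(blob), link, 0, 1, entsize))
        body += blob
    ehdr = b"\x7fELF\x02\x01\x01" + b"\0" * 9 + struct.pack(
        "<HHIQQQIHHHHHH", 3 if pie else 2, 0x3E, 1, 0, 0, 64 + len(body), 0, 64, 0, 0, 64, len(headers), 0)
    return ehdr + body + b"".join(headers)

if __name__ == "__main__":
    for c, p in [(True, True), (False, False)]:
        print(c, p, elf_mitigations(build_sample_elf(c, p)))
```

Pointing `elf_mitigations` at `open(path, "rb").read()` for a real binary works the same way, and comparing its `pie_heuristic` and `et_dyn` fields on a non-PIE dynamically linked executable shows why the section-type heuristic alone over-reports.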

Windows

  • On Windows, the DEP and PIE features can be detected by parsing the PE header.
  • Visual Studio’s canary implementation can be detected by the presence of a __security_init_cookie function.

Radare2 is not yet able to detect SafeSEH.