June 2019

— If you want a rule of thumb I'd rather go with:
"If it has a name, it's an lvalue"

That's even easier and more correct

— Okay

— I can agree with that =D

— How can I move the binary? No debug symbols and keeping __security_init_check as before


In fact, that's a pretty reasonable explanation. I saw an example where the name just changed the whole context

— Well, just move it? That won't change anything with the binary itself

— Not sure I understand you exactly

— Example: I have a binary compiled with /GS, and of course we should have __security_init_cookie at the top, right?

— It should unless one of your other options disables it

— Not sure about what /DYNAMICBASE:NO /NXCOMPAT:NO do

— Have you tried to see if they're the cause for __security_init_cookie not being present?


00401573 > $ E8 A3020000 CALL stack_co.__security_init_cookie
00401578 .^E9 74FEFFFF JMP stack_co.__scrt_common_main_seh
0040157D >/$ 55 PUSH EBP
0040157E |. 8BEC MOV EBP,ESP
00401580 |. 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
00401583 |. 56 PUSH ESI
00401584 |. 8B48 3C MOV ECX,DWORD PTR DS:[EAX+3C]
00401587 |. 03C8 ADD ECX,EAX
00401589 |. 0FB741 14 MOVZX EAX,WORD PTR DS:[ECX+14]
0040158D |. 8D51 18 LEA EDX,DWORD PTR DS:[ECX+18]
00401590 |. 03D0 ADD EDX,EAX
00401592 |. 0FB741 06 MOVZX EAX,WORD PTR DS:[ECX+6]
00401596 |. 6BF0 28 IMUL ESI,EAX,28
00401599 |. 03F2 ADD ESI,EDX
0040159B |. 3BD6 CMP EDX,ESI
0040159D |. 74 19 JE SHORT stack_co.004015B8

— Noob. would ban ya right now.

— LOL I'm literally the only one who contributes anything useful

— Unless you count all those "google it yourself" messages useful