Four different tricks to bypass StackShield and StackGuard protection

Stack shielding technologies have been developed to protect programs against exploitation of stack based buffer overflows. Among the different types of protections, we can separate two major groups: those that modify the environment where applications are executed, for example PaX, now integrated into the OpenWall project, and those that alter the way programs are compiled. We will focus on the latter group, especially on StackGuard, StackShield, and Microsoft's new stack smashing protection.

Techniques that exploit stack based buffer overflows on protected programs and environments have been presented in the past. Here we describe how the studied protections work, and then we present four more tricks to bypass stack smashing protections, some of which are extensions of older techniques, and some of which we think are novel.
