November 27, 2017

Canary value

❑ Canary: a memory protection technique that protects the RET and SFP of a stack frame from being modified. It is also called a cookie.
* The canary is located in the stack frame, between the SFP and the local variables.
❍ If the canary value on the stack has been modified and differs from the original canary value, this is judged to be an attack.
❍ In GCC, it is implemented by SSP (Stack-Smashing Protector). If the canary is modified, the __stack_chk_fail() function is executed.
* Enable (default in latest GCC): gcc -fstack-protector [file] / gcc -fstack-protector-all [file]
* Disable: gcc -fno-stack-protector [file]
❍ In the decompiler's source output, the canary appears as the expression *MK_FP(__GS__, 20);
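
The placement and check described above can be modeled in plain C. This is an added example, not code from the original note or from GCC: the struct layout, the GUARD constant, and the frame_* and run_frame names are assumptions made for illustration, and the copy is clamped to the model struct so the demo itself stays well defined.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of one frame, low to high address: locals, canary, SFP, RET. */
struct frame {
    unsigned char locals[16];
    uintptr_t canary, sfp, ret;
};

/* Constructed reference value; a real SSP guard is chosen at run time. */
static const uintptr_t GUARD = (uintptr_t)0x5A17C0DEu;

/* Prologue: place the guard between the locals and the saved SFP/RET. */
static void frame_enter(struct frame *f, uintptr_t sfp, uintptr_t ret) {
    memset(f->locals, 0, sizeof f->locals);
    f->canary = GUARD;
    f->sfp = sfp;
    f->ret = ret;
}

/* Body: a copy that never checks n against sizeof locals (the bug class
 * SSP is meant to catch). Clamped to the model struct only. */
static void frame_copy(struct frame *f, const unsigned char *src, size_t n) {
    if (n > sizeof *f) n = sizeof *f;
    memcpy((unsigned char *)f, src, n);
}

/* Epilogue: 1 = canary changed (real SSP calls __stack_chk_fail()), 0 = intact. */
static int frame_leave(const struct frame *f) {
    return f->canary != GUARD;
}

/* Runs one call through the model and reports whether RET kept its value. */
int run_frame(const unsigned char *src, size_t n, int *ret_intact) {
    struct frame f;
    frame_enter(&f, 0x1000, 0x2000);
    frame_copy(&f, src, n);
    *ret_intact = (f.ret == 0x2000);
    return frame_leave(&f);
}

int main(void) {
    unsigned char in[sizeof(struct frame)];
    size_t sizes[3] = {16, 17, sizeof in};
    memset(in, 'A', sizeof in); /* constructed input */
    for (int i = 0; i < 3; i++) {
        int intact, smashed = run_frame(in, sizes[i], &intact);
        printf("%zu bytes: smashed=%d ret_intact=%d\n", sizes[i], smashed, intact);
    }
    return 0;
}
```

The 17-byte case shows why the canary sits directly above the local variables: a contiguous overwrite changes it before SFP or RET is reached, so the epilogue check fires first.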