Stack Frame Canary

Access Control Configuration

Access Control Group

Access Control List

Access Mediator

Access Process

Access Token

Activity Dependency

Address Space

Administrative Network Traffic

Alias

Allocate Memory

Application

Application Configuration

Application Configuration Database

Application Configuration Database Record

Application Configuration File

Application Installer

Application Inventory Sensor

Application Layer Firewall

Application Layer Link

Application Process

Application Process Configuration

Application Rule

Application Shim

Archive File

Artifact Server

Asymmetric Key

Audio Input Device

Authenticate User

Authentication

Authentication Function

Authentication Log

Authentication Server

Authentication Service

Authorization

Authorization Log

Authorization Service

Barcode Scanner Input Device

Binary Large Object

Binary Segment

Block Device

Boot Loader

Boot Record

Boot Sector

Browser

Browser Extension

Build Tool

Business Communication Platform Client

CA Certificate File

Processor Cache Memory

Call Stack

Central Processing Unit

Certificate

Certificate File

Certificate Trust Store

Chatroom Client

Child Process

Client Application

Client Computer

Clipboard

Cloud Configuration

Cloud Instance Metadata

Cloud Service Authentication

Cloud Service Authorization

Cloud Service Sensor

Cloud Storage

Cloud User Account

Code Analyzer

Code Repository

Collaborative Software

Network Agent

Command

Command History Log

Command History Log File

Command Line Interface

Compiler

Compiler Configuration File

Computing Server

Configuration Database

Configuration Database Record

Configuration File

Configuration Management Database

Configuration Resource

Connect Socket

Console Output Function

Container Build Tool

Container Image

Container Orchestration Software

Container Process

Container Runtime

Copy Memory Function

Copy Token

Create File

Create Process

Create Socket

Create Thread

Credential

Credential Management System

Cryptographic Key

Custom Archive File

Cyber Sensor

DHCP Network Traffic

DHCP Server

DNS Lookup

DNS Network Traffic

DNS Record

DNS Server

Data Artifact Server

Data Dependency

Data Link Link

Database

Database File

Database Query

Database Server

Decoy Artifact

Default User Account

Delete File

Dependency

Deserialization Function

Desktop Computer

Developer Application

Dial Up Modem

Digital Artifact

Digital Fingerprint

Digital Information

Digital Information Bearer

Digital System

Directory

Directory Service

Display Adapter

Display Device Driver

Display Server

Document File

Domain Name

Domain Registration

Domain User Account

Dynamic Analysis Tool

Email Attachment

Email Rule

Embedded Computer

Enclave

Encrypted Credential

Encrypted Password

Endpoint Sensor

Eval Function

Event Log

Exception Handler

Exec

Executable Binary

Executable File

Executable Script

External Content Inclusion Function

Fast Symbolic Link

File

File Hash

File Path Open Function

File Section

File Server

File Share Service

File System

File System Link

File System Metadata

File System Sensor

File Transfer Network Traffic

Finger Print Scanner Input Device

Firewall

Firmware

Firmware Sensor

First-stage Boot Loader

Flash Memory

Forward Proxy Server

Free Memory

Get Open Sockets

Get Open Windows

Get Running Processes

Get Screen Capture

Get System Config Value

Get System Network Config Value

Get System Time

Get Thread Context

Global User Account

Graphical User Interface

Graphics Card Firmware

Graphics Processing Unit

Group Policy

HTML File

Hard Disk Firmware

Hard Link

Hardware Device

Hardware Driver

Heap Segment

Host

Host-based Firewall

Host Configuration Sensor

Host Group

Hostname

Human Input Device Firmware

IP Address

IPC Network Traffic

IP Phone

Identifier

Image Code Segment

Image Data Segment

Image Scanner Input Device

Image Segment

Impersonate User

Import Library Function

In-memory Password Store

Inbound Internet DNS Response Traffic

Inbound Internet Mail Traffic

Inbound Internet Network Traffic

Inbound Network Traffic

Init Script

Input Device

Input Function

Instant Messaging Client

Integration Test Execution Tool

Internet DNS Lookup

Internet File Transfer Traffic

Internet Network

Internet Network Traffic

Interprocess Communication

Intranet Administrative Network Traffic

Intranet DNS Lookup

Intranet File Transfer Traffic

Intranet IPC Network Traffic

Intranet Multicast Network Traffic

Intranet Network

Intranet Network Traffic

Intranet RPC Network Traffic

Intranet Web Network Traffic

Intrusion Detection System

Intrusion Prevention System

Java Archive

JavaScript Blob

Job Schedule

Job Scheduler Software

Kerberos Ticket

Kerberos Ticket Granting Service Ticket

Kerberos Ticket Granting Ticket

Kernel

Kernel API Sensor

Kernel Module

Kernel Process Table

Keyboard Input Device

Kiosk Computer

Laptop Computer

Legacy System

Link

Linux Clone

Linux Clone3

Linux Clone3 Argument CLONE_THREAD

Linux Clone Argument CLONE_THREAD

Linux Connect

Linux Creat

Linux Execve

Linux Execveat

Linux Fork

Linux Kill Argument SIGKILL

Linux Mmap

Linux Mmap2

Linux Munmap

Linux Open Argument O_CREAT

Linux Open Argument O_RDONLY, O_WRONLY, O_RDWR

Linux OpenAt2 Argument O_CREAT

Linux OpenAt2 Argument O_RDONLY, O_WRONLY, O_RDWR

Linux OpenAt Argument O_CREAT

Linux OpenAt Argument O_RDONLY, O_WRONLY, O_RDWR

Linux Pause Process

Linux Pause Thread

Linux Ptrace Argument PTRACE_ATTACH

Linux Ptrace Argument PTRACE_CONT

Linux Ptrace Argument PTRACE_GETREGS

Linux Ptrace Argument PTRACE_INTERRUPT

Linux Ptrace Argument PTRACE_PEEKTEXT

Linux Ptrace Argument PTRACE_POKETEXT

Linux Ptrace Argument PTRACE_SETREGS

Linux Ptrace Argument PTRACE_DETACH

Linux Ptrace Argument PTRACE_TRACEME

Linux Read

Linux Readv

Linux Rename

Linux Renameat

Linux Renameat2

Linux Socket

Linux Socketcall Argument SYS_CONNECT

Linux Socketcall Argument SYS_SOCKET

Linux Time

Linux Unlink

Linux Unlinkat

Linux Vfork

Linux Write

Linux Writev

Linux _Exit

Local Area Network

Local Area Network Traffic

Local Authentication Service

Local Authorization Service

Local Resource

Local Resource Access

Local User Account

Log

Log File

Log Message Function

Logical Link

Logon User

MacOS Keychain

Mail Network Traffic

Mail Server

Mail Service

Mathematical Function

Media Server

Memory Address

Memory Address Space

Memory Allocation Function

Memory Block

Memory Extent

Memory Free Function

Memory Management Unit

Memory Management Unit Component

Memory Pool

Memory Protection Unit

Memory Word

Message Transfer Agent

Metadata

Microcode

Microsoft HTML Application

Mobile Phone

Modem

Mouse Input Device

Move File

Multimedia Document File

NTFS Hard Link

NTFS Junction Point

NTFS Link

NTFS Symbolic Link

Network

Network Card Firmware

Network Directory Resource

Network File Resource

Network File Share Resource

Network Flow

Network Flow Sensor

Network Init Script File Resource

Network Link

Network Node

Network Packet

Network Printer

Network Protocol Analyzer

Network Resource

Network Resource Access

Network Sensor

Network Service

Network Session

Network Time Server

Network Traffic

Network Traffic Analysis Software

OS API Access Process

OS API Allocate Memory

OS API Connect Socket

OS API Copy Token

OS API Create File

OS API Create Process

OS API Create Socket

OS API Create Thread

OS API Delete File

OS API Exec

OS API Free Memory

OS API Function

OS API Get System Time

OS API Get Thread Context

OS API Move File

OS API Open File

OS API Read File

OS API Read Memory

OS API Resume Process

OS API Resume Thread

OS API Save Registers

OS API Set Registers

OS API Set Thread Context

OS API Suspend Process

OS API Suspend Thread

OS API System Function

OS API Terminate Process

OS API Trace Process

OS API Trace Thread

OS API Write File

OS API Write Memory

Object File

Office Application

Office Application File

Open File

Operating System

Operating System Configuration

Operating System Configuration Component

Operating System Configuration File

Operating System Executable File

Operating System File

Operating System Log File

Operating System Packaging Tool

Operating System Process

Operating System Shared Library File

Operations Center Computer

Optical Modem

Orchestration Controller

Orchestration Server

Orchestration Worker

Outbound Internet DNS Lookup Traffic

Outbound Internet Encrypted Remote Terminal Traffic

Outbound Internet Encrypted Traffic

Outbound Internet Encrypted Web Traffic

Outbound Internet File Transfer Traffic

Outbound Internet Mail Traffic

Outbound Internet Network Traffic

Outbound Internet RPC Traffic

Outbound Internet Web Traffic

Outbound Network Traffic

Output Device

POSIX Symbolic Link

Packet Log

Page

Page Frame

Page Table

Parent Process

Partition

Partition Table

Password

Password Database

Password File

Password Manager

Password Store

Peripheral Firmware

Peripheral Hub Firmware

Personal Computer

Physical Address

Physical Link

Physical Location

Pipe

Platform

Pointer

Pointer Dereferencing Function

PowerShell Profile Script

Primary Storage

Print Server

Private Key

Privileged User Account

Process

Process Code Segment

Process Data Segment

Process Environment Variable

Process Image

Process Segment

Process Start Function

Process Tree

Processor

Processor Component

Processor Register

Property List File

Proxy Server

Public Key

Python Package

Python Script File

RAM

RDP Session

RF Node

RF Receiver

RF Transceiver

RF Transmitter

ROM

RPC Network Traffic

Radio Modem

Raw Memory Access Function

Read File

Read Memory

Record

Remote Authentication Service

Remote Authorization Service

Remote Command

Remote Database Query

Remote Procedure Call

Remote Resource

Remote Session

Remote Terminal Session

Removable Media Device

Resource

Resource Access

Resource Fork

Resume Process

Resume Thread

Reverse Proxy Server

Router

SSH Session

Save Registers

Saved Instruction Pointer

Scheduled Job

Script Application Process

Second-stage Boot Loader

Secondary Storage

Security Token

Sensor

Serialization Function

Server

Service Application

Service Application Process

Service Dependency

Session

Session Cookie

Set Registers

Set System Config Value

Set Thread Context

Shadow Stack

Shared Computer

Shared Library File

Shared Resource Access Function

Shim

Shim Database

Shortcut File

Slow Symbolic Link

Software

Software Artifact Server

Software Deployment Tool

Software Library

Software Library File

Software Package

Software Packaging Tool

Software Patch

Source Code Analyzer Tool

Stack Component

Stack Frame

Stack Frame Canary

Stack Segment

Startup Directory

Static Analysis Tool

Storage

Stored Procedure

String Format Function

Subroutine

Suspend Process

Suspend Thread

Switch

Symbolic Link

Symmetric Key

System Call

System Config System Call

System Configuration Database

System Configuration Database Record

System Configuration Init Database Record

System Configuration Init Resource

System Dependency

System Firewall Configuration

System Firmware

System Init Configuration

System Init Process

System Init Script

System Password Database

System Service Software

System Software

System Startup Directory

System Time Application

System Utilization Record

TFTP Network Traffic

TFTP Server

Tablet Computer

Terminate Process

Tertiary Storage

Test Execution Tool

Thin Client Computer

Thread

Thread Start Function

Ticket Granting Ticket

Trace Process

Trace Thread

Transducer Sensor

Translation Lookaside Buffer

Transport Link

Trust Store

URL

Unit Test Execution Tool

Unix Hard Link

Unix Link

User

User Account

User Action

User Application

User Behavior

User Group

User Init Configuration File

User Init Script

User Input Function

User Interface

User Logon Init Resource

User Process

User Startup Directory

User Startup Script File

User to User Message

Utility Software

VPN Server

Version Control Tool

Video Input Device

Virtual Address

Virtual Memory Space

Virtualization Software

Volume

Volume Boot Record

Web API Resource

Web Application Firewall

Web Application Server

Web Authentication

Web File Resource

Web Network Traffic

Web Resource

Web Resource Access

Web Script File

Web Server

Web Server Application

Wide Area Network

Windows OpenFile

Windows CreateFileA

Windows CreateProcessA

Windows CreateRemoteThread

Windows CreateThread

Windows DeleteFile

Windows DuplicateToken

Windows GetThreadContext

Windows NtGetThreadContext

Windows NtAllocateVirtualMemory

Windows NtAllocateVirtualMemoryEx

Windows NtCreateFile

Windows NtCreateMailslotFile

Windows NtCreateNamedPipeFile

Windows NtCreatePagingFile

Windows NtCreateProcess

Windows NtCreateProcessEx

Windows NtCreateThread

Windows NtCreateThreadEx

Windows NtDeleteFile

Windows NtDuplicateToken

Windows NtFlushInstructionCache

Windows NtFreeVirtualMemory

Windows NtOpenFile

Windows NtOpenProcess

Windows NtOpenThread

Windows NtProtectVirtualMemory

Windows NtQuerySystemTime

Windows NtReadFile

Windows NtReadFileScatter

Windows NtResumeThread

Windows NtSetInformationFile Argument FileDispositionInformation

Windows NtSetThreadContext

Windows NtSuspendProcess

Windows NtSuspendThread

Windows NtTerminateProcess

Windows NtWriteFile

Windows NtWriteFileGather

Windows NtWriteVirtualMemory

Windows OpenProcess

Windows OpenThread

Windows QueryPerformanceCounter

Windows ReadFile

Windows Registry

Windows Registry Key

Windows Registry Value

Windows ResumeThread

Windows SetThreadContext

Windows Shortcut File

Windows SuspendThread

Windows TerminateProcess

Windows VirtualAllocEx

Windows VirtualFree

Windows VirtualProtectEx

Windows WriteFile

Windows WriteProcessMemory

Wireless Access Point

Wireless Router

Write File

Write Memory

Zero Client Computer

Properties

id: d3f:StackFrameCanary

name: Stack Frame Canary
definition: Stack canaries, named for their analogy to a canary in a coal mine, are used to detect a stack buffer overflow before execution of malicious code can occur. This method works by placing a small integer, the value of which is randomly chosen at program start, in memory just before the stack return pointer. Most buffer overflows overwrite memory from lower to higher memory addresses, so in order to overwrite the return pointer (and thus take control of the process) the canary value must also be overwritten. This value is checked to make sure it has not changed before a routine uses the return pointer on the stack. This technique can greatly increase the difficulty of exploiting a stack buffer overflow because it forces the attacker to gain control of the instruction pointer by some non-traditional means such as corrupting other important variables on the stack.
synonyms: Stack Canary
defined by: http://dbpedia.org/resource/Stack_buffer_overflow#Stack_canaries

json

Neighbors

        graph LR;

    d3f:StackFrame["Stack Frame"] --> | may-contain | d3f:StackFrameCanary["Stack Frame Canary"];

            class d3f:StackFrame inbound_node;
            style d3f:StackFrame fill:#fff4dd;

            class d3f:StackFrameCanary RootArtifactNode;
            style d3f:StackFrameCanary fill:#fff4dd;

            click d3f:StackFrame href "/dao/artifact/d3f:StackFrame";
            click d3f:StackFrameCanary href "/dao/artifact/d3f:StackFrameCanary";

Inferred Relationships

This page is experimental and may change significantly in future releases.

Hierarchy

(filtered)

Related Countermeasure Techniques

No related defensive techniques in this release.

Related Weaknesses

StackFrameCanary has no related weaknesses in this release.

Related Offensive Techniques

No related offensive techniques in this release.