Share via


Better control over /GS stack checking in your driver

Michael Howard has a great posting on improvements made in the compiler with respect to the /GS flag (stack checking using a "canary" on function exit). Before these changes, #pragmas to explicitly turn the functionality on or off, the compiler itself decided where it was appropriate to add the stack checks based on internal heuristics. The improvements were made to the VS2005 SP1 version of the compiler, but I just checked and the compiler in the WDK includes these changes. Use this functionality as another tool in the tool belt for writing secure drivers!