__security_init_cookie
Initializes the global security cookie.
void __security_init_cookie(void);
Remarks
The global security cookie is used for buffer overrun protection in code compiled with /GS (Buffer Security Check) and in code that uses exception handling. On entry to an overrun-protected function, the cookie is put on the stack, and on exit, the value on the stack is compared with the global cookie. Any difference between them indicates that a buffer overrun has occurred and causes immediate termination of the program.
Normally, __security_init_cookie is called by the CRT when it is initialized. If you bypass CRT initialization—for example, if you use /ENTRY to specify an entry-point—then you must call __security_init_cookie yourself. If __security_init_cookie is not called, the global security cookie is set to a default value and buffer overrun protection is compromised. Because an attacker can exploit this default cookie value to defeat the buffer overrun checks, we recommend that you always call __security_init_cookie when you define your own entry point.
The call to __security_init_cookie must be made before any overrun-protected function is entered; otherwise a spurious buffer overrun will be detected. For more information, see C Run-Time Error R6035.
Example
See the examples in C Run-Time Error R6035.
Requirements
Routine |
Required header |
---|---|
__security_init_cookie |
<process.h> |
__security_init_cookie is a Microsoft extension to the standard C Runtime Library. For compatibility information, see Compatibility.
.NET Framework Equivalent
Not applicable. This function should only be called from native code, not managed code.