Unresolved external __security_cookie with Platform SDK compiler

Quite a frequently asked questions.

You build your code using recent build of the platform SDK and you receive one of the following error messages at compile or link time:

Linker Tools Error LNK2001
'unresolved external symbol __security_cookie '

Linker Tools Error LNK2001
'unresolved external symbol __security_check_cookie '

Long story short, the cause of this error is that /GS switch is a default switch in the compiler shipped with the PSDK. If you don’t know what is /GS switch, here is a great article from Brandon that talks about it: https://msdn.microsoft.com/library/default.asp?url=/library/en-us/dv_vstechart/html/vctchcompilersecuritychecksindepth.asp

Basically, /GS switch provides at runtime basic protection against some types of buffer overrun attacks. On functions that the compiler thinks might be subject to buffer overruns, the compiler inserts a security cookie before the return address. The security cookie is computed once at module load and its value is pushed to the stack on function entry. Then, on function exit, the compiler helper is called to make sure the cookie's value is still the same. If the value was changed, this is treated as a sign of a buffer overrun in the stack corruption.

 

To fix this problem you need to link your code to bufferoverflowU.lib. This should do it for most of applications out of there.

 

Just do

 

cl.exe a.cpp bufferoverflowU.lib

 

or

 

link a.obj bufferoverflowU.lib

 

 

This is problem-resolution type of post. I am working on a KB article on this that should be published sometime soon. It will have all details on what library and why you need to link with.

Comments

• Anonymous
  April 18, 2007
  Is there a way i can disable the /GS switch, also where do i get the bufferoverflowU.lib..

• Anonymous
  January 29, 2008
  It can be disabled from project properties: Project Properties > Configuration Properties > C/C++ > Code generation > Buffer security check