Skip to content

GCC

GCC

Flags

-s: stripped binary. Without symbols

-g3: Debug level 3

-static: statically linked. All third party functions are added to the binary. This does not rely on external libs.

-fno-delete-null-pointer-checks: Remove Optimization for removing repetitive null pointer dereference. In Kernal Null is the zero memory address which could be mappable.

-fno-dse: Remove Optimization for removing memsets that are not called again. This can remove clearing sensitive information from memory.

-fsanitize=[address|undefined|thread]: programing tool that detects buffer overflows, use-after-free, Race Conditions

-Wl,-z,relro: Enable Partial RELRO.
-Wl,-z,relro,-z,now: Enable Full RELRO. This makes the Global Offset Table and the Procedure Linkage Table readonly after loading the binary

-fPIE -pie: Enable ALSR on the Binary but not the libraries
-no-pie: Disable ALSR on the Binary but not the libraries

-fno-stack-protector-all: disable stack guard after buffers to prevent overflow
-fstack-protector-all: enable stack guard after buffers to prevent overflow

-fstack-protector: enable stack canary for the application
-fno-stack-protector: disable stack canary for the application

--param ssp-buffer-size:The size of the stack protector. By default it is 8

-z execstack: Disable NX for the stack

-D_FORTIFY_SOURCE=1: Compile Checks for out of bounds buffer reads and writes
-D_FORTIFY_SOURCE=2: Compile and Runtime Checks for out of bounds buffer reads and writes

PTR_MANGLE: xores a key to the pointer to change what it points to.

-fcf-protection=[full|branch|return|none|check]: Enable checking that target addresses of control-flow transfer instructions. Protect against ROP, COP and JOP

-fno-omit-frame-pointer: better performance for running performance analyzing

-fanalyzer: Check for security Issues like use-after-free

Warnings

-Wimplicit-fallthrough: Warns when a switch case calls through to another switch case

-Wformat-security: Warn about uses of format functions that represent possible security problems

-Wvla: Warn about any use of stack-allocated variable length arrays. Prevent Memory corruption

-Wframe-larger-than=5000 -Wstack-usage=10000: Prevent large stack frames. Same reasons as above.

-Wshadow: Prevent shadowed variables, eg. a local variable with the same name as a global.