Pelles C forum

C language => Windows questions => Topic started by: Tino on February 18, 2013, 11:05:25 PM

Title: ASLR ?
Post by: Tino on February 18, 2013, 11:05:25 PM
Hi Forum :)

Is there any way to enable ASLR in Pelles C Projects ?

Maybe some inline assembler ?

Thank you :)
Title: Re: ASLR ?
Post by: Bitbeisser on February 19, 2013, 08:49:32 AM
Quote from: Tino on February 18, 2013, 11:05:25 PM
Hi Forum :)

Is there any way to enable ASLR in Pelles C Projects ?

Maybe some inline assembler ?

Thank you :)

I am not sure what exactly you are talking about by just throwing around a 4 letter abbreviation, but the ASLR that I know (meaning Address Space Layout Randomization) is an OS memory management feature, not anything compiler specific...  :-\

Ralf
Title: Re: ASLR ?
Post by: Tino on February 19, 2013, 11:01:37 AM
Hello Ralf :)

Yes, Address Space Layout Randomization is my target.

Visual C++ has the /DYNAMICBASE[:NO] switch to mark a program as ASLR enabled;
without that switch Windows won't use ASLR.

Try ProcessExplorer and set View to ASLR,
you can see that nearly all Windows programs starting from Vista
are ASLR enabled, while most 3rd party apps are not
(including our Pelles C projects).

My guess is that AVs/Firewalls might fire because of this missing feature, but it's just a guess.
On the other hand I want to see how UAC deals with DEP/ASLR enabled apps.


Here is a note about DEP/ASLR combination:
Quote
Important Note: ASLR and DEP are only effective when used together; therefore ISVs should opt-in for both defenses (/DYNAMICBASE and /NXCOMPAT) for all binaries.
Source: http://msdn.microsoft.com/en-us/library/bb430720.aspx


This could help to embed it into polink (or find an asm workaround ?):
Quote
(/dynamicbase)[21]. This compiler switch is responsible for setting a bit (0x40) in the DllCharacteristics that are defined within a binary.
Source: http://uninformed.org/index.cgi?v=9&a=4&p=6


Dirty Workaround:

I just managed to get ProcessExplorer to mark my .exe as ASLR enabled.

In my Pelles C project I had to set the linker switch /FIXED:NO.
Then I used link.exe from Visual Studio Express:
link.exe /edit /dynamicbase myfile.exe

Source: http://blogs.technet.com/b/softienerd/archive/2012/03/09/changing-executable-dll-characteristics-flags-dynamicbase-nx-appcontainer.aspx



I really hope someone comes up with a better solution though.
Have fun :)
Title: Re: ASLR ?
Post by: TimoVJL on February 19, 2013, 01:55:55 PM
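Small program to set the ASLR bit
Code:
/* PESetASLR.c - set the DYNAMICBASE (ASLR) bit in a PE file's DllCharacteristics */
#define WIN32_LEAN_AND_MEAN
#include <windows.h>
//#include <winnt.h>
#include <stdio.h>

#ifndef IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
#define IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE 0x0040
#endif

int ProcessFile(HANDLE hFile, PBYTE pMem);

/* Exit code: 0 = bit set, 1 = nothing changed (bad file, error or bit already set),
   2 = image has no relocation data */
int main(int argc, char **argv)
{
    HANDLE hFile, hMapping;
    VOID *pMem;
    int rc = 1;

    if (argc < 2) {
        printf("Usage: PESetASLR.exe <file>\n");
        return 1;
    }
    /* Open the file exclusively and map it read/write so the header is patched in place */
    hFile = CreateFile(argv[1], GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, 0, NULL);
    if (hFile != INVALID_HANDLE_VALUE) {
        hMapping = CreateFileMapping(hFile, NULL, PAGE_READWRITE, 0, 0, NULL);
        if (hMapping) {
            pMem = MapViewOfFile(hMapping, FILE_MAP_WRITE, 0, 0, 0);
            if (pMem) {
                rc = ProcessFile(hFile, pMem);
                UnmapViewOfFile(pMem);
            } else
                printf("MapViewOfFile error\n");
            CloseHandle(hMapping);
        } else
            printf("FileMapping error\n");
        CloseHandle(hFile);
    } else
        printf("File open error\n");
    return rc;
}

int ProcessFile(HANDLE hFile, PBYTE pMem)
{
    PIMAGE_DOS_HEADER pDosHdr;
    PIMAGE_NT_HEADERS pNTHeader;
    PIMAGE_NT_HEADERS64 pNTHeader64;
    DWORD nRelocs, cbFile;
    BOOL bIs64Bit;

    /* Make sure the headers lie inside the mapped file before dereferencing them */
    cbFile = GetFileSize(hFile, NULL);
    if (cbFile == INVALID_FILE_SIZE || cbFile < sizeof(IMAGE_NT_HEADERS64))
        return 1;
    pDosHdr = (PIMAGE_DOS_HEADER)pMem;
    if (pDosHdr->e_magic != IMAGE_DOS_SIGNATURE)
        return 1;
    if (pDosHdr->e_lfanew < 0 || (DWORD)pDosHdr->e_lfanew > cbFile - sizeof(IMAGE_NT_HEADERS64))
        return 1;
    pNTHeader = (PIMAGE_NT_HEADERS)(pMem + pDosHdr->e_lfanew);
    pNTHeader64 = (PIMAGE_NT_HEADERS64)pNTHeader;
    if (pNTHeader->Signature != IMAGE_NT_SIGNATURE)
        return 1;
    /* DllCharacteristics sits at the same offset in the 32-bit and 64-bit optional header */
    if (pNTHeader->OptionalHeader.DllCharacteristics & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE) {
        printf("ASLR bit already set\n");
        return 1;
    }
    /* The data directory is at a different offset in PE32+, so pick the matching header type */
    bIs64Bit = (pNTHeader->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC);
    if (bIs64Bit)
        nRelocs = pNTHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size;
    else
        nRelocs = pNTHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size;
    /* Without relocation data the image cannot be rebased, so do not set the bit */
    if (!nRelocs) {
        printf("missing reloc section\n");
        return 2;
    }
    /* Note: OptionalHeader.CheckSum is not recalculated after this change */
    pNTHeader->OptionalHeader.DllCharacteristics |= IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE;
    printf("ASLR bit set\n");
    return 0;
}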
Title: Re: ASLR ?
Post by: Tino on February 19, 2013, 02:18:58 PM
Thank you very much timo ! :) :) :)

Works perfectly !
Title: Re: ASLR ?
Post by: frankie on February 20, 2013, 02:43:37 PM
To produce ASLR executables set linker switch "/FIXED:NO", then use Timo's program to turn on the IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE flag in the PE OptionalHeader's DllCharacteristics field.
If Pelle ever introduces the linker switch /DYNAMICBASE this would be done automatically.
I also suggest using the /NXCOMPAT linker switch to remove execute permission in data segments (first of all the stack).
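
A read-only check to go with the steps above, added here as an example and not code posted by anyone in this thread: it reports whether an image carries the 0x0040 (DYNAMICBASE) and 0x0100 (NXCOMPAT) DllCharacteristics bits and still has the relocation data that /FIXED:NO keeps. It is portable C over a byte buffer; pe_audit, make_sample and the PE_* result flags are names made up for this example, and the sample header is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
enum { PE_BAD = -1, PE_ASLR = 1, PE_NX = 2, PE_RELOCS = 4 };  /* illustrative result flags */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/* Added example. Returns PE_BAD, or a bitmask of PE_ASLR | PE_NX | PE_RELOCS. */
int pe_audit(const uint8_t *img, size_t len)
{
    if (len < 0x40 || rd16(img) != 0x5A4D) return PE_BAD;         /* "MZ" */
    uint32_t nt = rd32(img + 0x3C);                               /* e_lfanew */
    if (nt > len || len - nt < 26) return PE_BAD;   /* signature + file header + Magic */
    if (rd32(img + nt) != 0x00004550) return PE_BAD;              /* "PE\0\0" */
    const uint8_t *fh = img + nt + 4, *oh = fh + 20;
    uint16_t magic = rd16(oh);
    size_t dirs = magic == 0x10B ? 96 : magic == 0x20B ? 112 : 0; /* DataDirectory offset */
    size_t need = dirs + 6 * 8;                                   /* through DataDirectory[5] */
    if (!dirs || rd16(fh + 16) < need || len - nt - 24 < need) return PE_BAD;
    if (rd32(oh + dirs - 4) < 6) return PE_BAD;                   /* NumberOfRvaAndSizes */
    uint16_t dllch = rd16(oh + 70);   /* DllCharacteristics: same offset in PE32 and PE32+ */
    int r = 0;
    if (dllch & 0x0040) r |= PE_ASLR; /* IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE */
    if (dllch & 0x0100) r |= PE_NX;   /* IMAGE_DLLCHARACTERISTICS_NX_COMPAT */
    if (!(rd16(fh + 18) & 0x0001) && rd32(oh + dirs + 5 * 8 + 4)) r |= PE_RELOCS;
    return r;                         /* 0x0001 above is IMAGE_FILE_RELOCS_STRIPPED */
}

/* Constructed sample: a zero-filled minimal PE32 header, not a loadable program. */
size_t make_sample(uint8_t *b, uint16_t dllch, uint8_t reloc_size)
{
    memset(b, 0, 512);
    b[0] = 'M'; b[1] = 'Z'; b[0x3C] = 0x80;                       /* e_lfanew = 0x80 */
    memcpy(b + 0x80, "PE\0\0", 4);
    uint8_t *fh = b + 0x84, *oh = fh + 20;
    fh[16] = 224;                                                 /* SizeOfOptionalHeader */
    oh[0] = 0x0B; oh[1] = 0x01;                                   /* Magic = 0x10B (PE32) */
    oh[70] = (uint8_t)dllch; oh[71] = (uint8_t)(dllch >> 8);
    oh[92] = 16;                                                  /* NumberOfRvaAndSizes */
    oh[96 + 5 * 8 + 4] = reloc_size;                              /* DataDirectory[5].Size */
    return 512;
}

int main(void)
{
    uint8_t img[512];
    printf("mask %d (1=ASLR 2=NX 4=relocs)\n", pe_audit(img, make_sample(img, 0x0140, 8)));
    return 0;
}
```

A result with PE_ASLR but without PE_RELOCS is the case the patching tool above refuses with "missing reloc section".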
Title: Re: ASLR ?
Post by: Tino on February 21, 2013, 07:44:56 AM
Thank you frankie :)

Feature request created http://forum.pellesc.de/index.php?topic=5192.0

Have fun :)