
Author Topic: ASLR ?  (Read 8102 times)

Tino

  • Guest
ASLR ?
« on: February 18, 2013, 11:05:25 PM »
Hi Forum :)

Is there any way to enable ASLR in Pelles C Projects ?

Maybe some inline assembler ?

Thank you :)

Offline Bitbeisser

  • Global Moderator
  • Member
  • Posts: 772
Re: ASLR ?
« Reply #1 on: February 19, 2013, 08:49:32 AM »
Quote
Hi Forum :)

Is there any way to enable ASLR in Pelles C Projects ?

Maybe some inline assembler ?

Thank you :)
I am not sure what exactly you are talking about by just throwing around a 4-letter abbreviation, but the ASLR that I know (meaning Address Space Layout Randomization) is an OS memory management feature, not anything compiler-specific...  :-\

Ralf

Tino

  • Guest
Re: ASLR ?
« Reply #2 on: February 19, 2013, 11:01:37 AM »
Hello Ralf :)

Yes, Address Space Layout Randomization is my target.

Visual C++ has the /DYNAMICBASE[:NO] switch to mark a program as ASLR enabled;
without that switch Windows won't use ASLR.

Try Process Explorer and set View to ASLR;
you can see that nearly all Windows programs starting from Vista
are ASLR enabled, while most 3rd party apps are not
(including our Pelles C projects).

My guess is that AVs/firewalls might fire because of this missing feature, but it's just a guess.
On the other hand I want to see how UAC deals with DEP/ASLR enabled apps.


Here is a note about the DEP/ASLR combination:
Quote
Important Note: ASLR and DEP are only effective when used together; therefore ISVs should opt-in for both defenses (/DYNAMICBASE and /NXCOMPAT) for all binaries.
Source: http://msdn.microsoft.com/en-us/library/bb430720.aspx


This could help to embed it into polink (or find an asm workaround?):
Quote
(/dynamicbase)[21]. This compiler switch is responsible for setting a bit (0x40) in the DllCharacteristics that are defined within a binary.
Source: http://uninformed.org/index.cgi?v=9&a=4&p=6


Dirty workaround:

I just managed to make Process Explorer mark my .exe as ASLR enabled.

In my Pelles C project I had to add the link switch /FIXED:NO.
Then I used link.exe from Visual Studio Express:
link.exe /edit /dynamicbase myfile.exe

Source: http://blogs.technet.com/b/softienerd/archive/2012/03/09/changing-executable-dll-characteristics-flags-dynamicbase-nx-appcontainer.aspx



I really hope someone comes up with a better solution though.
Have fun :)
« Last Edit: February 19, 2013, 01:32:36 PM by Tino »

Offline TimoVJL

  • Global Moderator
  • Member
  • Posts: 2115
Re: ASLR ?
« Reply #3 on: February 19, 2013, 01:55:55 PM »
Small program to set the ASLR bit
Code:
/* PESetASLR.c */
#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include <stdio.h>

/* Older SDK headers may lack the symbolic name; the bit itself is 0x40 */
#ifndef IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
#define IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE 0x0040
#endif

int ProcessFile(HANDLE hFile, PBYTE pMem);

int main(int argc, char **argv)
{
    HANDLE hFile, hMapping;
    VOID *pMem;

    if (argc < 2) {
        printf("Usage: PESetASLR.exe <file>\n");
        return 1;
    }
    /* Map the whole file read/write so the header can be patched in place */
    hFile = CreateFile(argv[1], GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, 0, NULL);
    if (hFile != INVALID_HANDLE_VALUE) {
        hMapping = CreateFileMapping(hFile, NULL, PAGE_READWRITE, 0, 0, NULL);
        if (hMapping) {
            pMem = MapViewOfFile(hMapping, FILE_MAP_WRITE, 0, 0, 0);
            if (pMem) {
                ProcessFile(hFile, pMem);
                FlushViewOfFile(pMem, 0);   /* write the patched header back to disk */
                UnmapViewOfFile(pMem);
            } else
                printf("MapViewOfFile error\n");
            CloseHandle(hMapping);
        } else
            printf("FileMapping error\n");
        CloseHandle(hFile);
    } else
        printf("File open error\n");
    return 0;
}

int ProcessFile(HANDLE hFile, PBYTE pMem)
{
    PIMAGE_DOS_HEADER pDosHdr;
    PIMAGE_NT_HEADERS pNTHeader;
    PIMAGE_NT_HEADERS64 pNTHeader64;
    DWORD dwSize, nRelocs;
    BOOL bIs64Bit;

    /* Make sure the headers actually fit inside the file before touching them */
    dwSize = GetFileSize(hFile, NULL);
    pDosHdr = (PIMAGE_DOS_HEADER)pMem;
    if (dwSize < sizeof(IMAGE_DOS_HEADER) || pDosHdr->e_magic != IMAGE_DOS_SIGNATURE)
        return 1;
    if (dwSize < sizeof(IMAGE_NT_HEADERS64) ||
        (DWORD)pDosHdr->e_lfanew > dwSize - sizeof(IMAGE_NT_HEADERS64))
        return 1;
    pNTHeader = (PIMAGE_NT_HEADERS)(pMem + pDosHdr->e_lfanew);
    pNTHeader64 = (PIMAGE_NT_HEADERS64)pNTHeader;
    if (pNTHeader->Signature != IMAGE_NT_SIGNATURE)
        return 1;
    /* DllCharacteristics is at the same offset in the PE32 and PE32+ optional headers */
    if (pNTHeader->OptionalHeader.DllCharacteristics & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE) {
        printf("ASLR bit already set\n");
        return 1;
    }
    /* The data directory, however, sits further along in the 64-bit header */
    bIs64Bit = (pNTHeader->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC);
    if (bIs64Bit)
        nRelocs = pNTHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size;
    else
        nRelocs = pNTHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size;
    /* Without relocations (link with /FIXED:NO) the loader cannot move the image */
    if (!nRelocs) {
        printf("missing reloc section\n");
        return 2;
    }
    pNTHeader->OptionalHeader.DllCharacteristics |= IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE;
    printf("ASLR bit set\n");
    return 0;
}
« Last Edit: February 19, 2013, 06:27:30 PM by timovjl »
May the source be with you

Tino

  • Guest
Re: ASLR ?
« Reply #4 on: February 19, 2013, 02:18:58 PM »
Thank you very much timo ! :) :) :)

Works perfectly !

Offline frankie

  • Global Moderator
  • Member
  • Posts: 2113
Re: ASLR ?
« Reply #5 on: February 20, 2013, 02:43:37 PM »
To produce ASLR executables, set the linker switch "/FIXED:NO", then use Timo's program to turn on the IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE flag in the PE OptionalHeader's DllCharacteristics field.
If Pelle ever introduces the linker switch /DYNAMICBASE, this will be done automatically.
I also suggest using the /NXCOMPAT linker switch to remove execute permission from data segments (first of all the stack).
"It is better to be hated for what you are than to be loved for what you are not." - Andre Gide
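As an added example (not code from the thread, from Pelles C or from Microsoft), the check below does in Python what Process Explorer's ASLR column and frankie's steps add up to: it reads DllCharacteristics for the DYNAMIC_BASE (0x40) and NX_COMPAT (0x100) bits and confirms that a base-relocation directory survived (the /FIXED:NO part), without which the ASLR bit is set but useless. The minimal PE headers it inspects are constructed inside the block.

```python
"""Check a PE image's ASLR/DEP opt-in bits as described in the thread.

Added example, not code from the thread or from Pelles C. Only the PE headers
are parsed (no Windows API), so it runs anywhere; the sample headers are constructed.
"""
import struct

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040   # /DYNAMICBASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100      # /NXCOMPAT
IMAGE_DIRECTORY_ENTRY_BASERELOC = 5
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B


def pe_mitigations(image: bytes) -> dict:
    """Report DYNAMIC_BASE/NX_COMPAT and whether relocations were kept."""
    if image[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20                       # optional header follows the COFF header
    magic = struct.unpack_from("<H", image, opt)[0]
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+ optional headers.
    dllchars = struct.unpack_from("<H", image, opt + 70)[0]
    # The data directory starts at 96 (PE32) or 112 (PE32+); each entry is 8 bytes.
    dd = opt + (96 if magic == PE32_MAGIC else 112)
    _, reloc_size = struct.unpack_from("<II", image, dd + 8 * IMAGE_DIRECTORY_ENTRY_BASERELOC)
    dynamic_base = bool(dllchars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
    return {
        "pe32plus": magic == PE32PLUS_MAGIC,
        "dynamic_base": dynamic_base,
        "nx_compat": bool(dllchars & IMAGE_DLLCHARACTERISTICS_NX_COMPAT),
        "has_relocs": reloc_size != 0,
        # The bit alone does nothing: without a .reloc directory (/FIXED:NO)
        # the loader cannot rebase the image, so ASLR is not effective.
        "effective_aslr": dynamic_base and reloc_size != 0,
    }


def build_header(magic: int, dllchars: int, reloc_size: int) -> bytes:
    """Constructed minimal header: DOS header, PE signature, COFF and optional header."""
    dos = b"MZ" + bytes(58) + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = b"PE\0\0" + bytes(20)                        # zeroed IMAGE_FILE_HEADER
    opt = bytearray(224 if magic == PE32_MAGIC else 240)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, dllchars)
    dd = 96 if magic == PE32_MAGIC else 112
    struct.pack_into("<II", opt, dd + 8 * IMAGE_DIRECTORY_ENTRY_BASERELOC, 0x3000, reloc_size)
    return dos + coff + bytes(opt)
```

Run it on a real .exe by passing `open(path, "rb").read()` to `pe_mitigations`; a Pelles C build linked without /FIXED:NO shows up as `dynamic_base` set but `effective_aslr` false once only the bit has been patched in.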

Tino

  • Guest
Re: ASLR ?
« Reply #6 on: February 21, 2013, 07:44:56 AM »
Thank you frankie :)

Feature request created http://forum.pellesc.de/index.php?topic=5192.0

Have fun :)