
Author Topic: ASLR ?  (Read 4324 times)

Tino

  • Guest
ASLR ?
« on: February 18, 2013, 11:05:25 pm »
Hi Forum :)

Is there any way to enable ASLR in Pelles C Projects ?

Maybe some inline assembler ?

Thank you :)

Offline Bitbeisser

  • Global Moderator
  • Member
  • *****
  • Posts: 761
Re: ASLR ?
« Reply #1 on: February 19, 2013, 08:49:32 am »
Quote
Hi Forum :)

Is there any way to enable ASLR in Pelles C Projects ?

Maybe some inline assembler ?

Thank you :)
I am not sure what exactly you are talking about by just throwing around a 4 letter abbreviation, but the ASLR that I know (meaning Address Space Layout Randomization) is an OS memory management feature, not anything compiler specific...  :-\

Ralf

Tino

  • Guest
Re: ASLR ?
« Reply #2 on: February 19, 2013, 11:01:37 am »
Hello Ralf :)

Yes, Address Space Layout Randomization is my target.

Visual C++ has the /DYNAMICBASE[:NO] switch to mark a program ASLR enabled;
without that switch Windows won't use ASLR.

Try ProcessExplorer and set View to ASLR,
you can see that nearly all Windows programs starting from Vista
are ASLR enabled, while most 3rd party apps are not.
( including our Pelles C projects )

My guess is that AVs/firewalls might fire because of this lacking feature, but it's just a guess.
On the other hand I want to see how UAC deals with DEP/ASLR enabled apps.


Here is a note about DEP/ASLR combination:
Quote
Important Note: ASLR and DEP are only effective when used together; therefore ISVs should opt-in for both defenses (/DYNAMICBASE and /NXCOMPAT) for all binaries.
Source: http://msdn.microsoft.com/en-us/library/bb430720.aspx


This could help to embed it into polink (or find an asm workaround ?):
Quote
(/dynamicbase)[21]. This compiler switch is responsible for setting a bit (0x40) in the DllCharacteristics that are defined within a binary.
Source: http://uninformed.org/index.cgi?v=9&a=4&p=6


Dirty Workaround:

I just managed to make ProcessExplorer mark my .exe ASLR enabled.

In my Pelles C Project I had to put the link switch /FIXED:NO.
Then I used link.exe from Visual Studio Express:
link.exe /edit /dynamicbase myfile.exe

Source: http://blogs.technet.com/b/softienerd/archive/2012/03/09/changing-executable-dll-characteristics-flags-dynamicbase-nx-appcontainer.aspx



I really hope someone comes up with a better solution though.
Have fun :)
« Last Edit: February 19, 2013, 01:32:36 pm by Tino »

Offline TimoVJL

  • Global Moderator
  • Member
  • *****
  • Posts: 1883
Re: ASLR ?
« Reply #3 on: February 19, 2013, 01:55:55 pm »
Small program to set the ASLR bit
Code:
/* PESetASLR.c - sets IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (0x0040) in the
   PE optional header of a file that was linked with /FIXED:NO, i.e. one
   that still carries a base-relocation directory */
#define WIN32_LEAN_AND_MEAN
#include <windows.h>
#include <stdio.h>

int ProcessFile(HANDLE hFile, PBYTE pMem);

int main(int argc, char **argv)
{
    HANDLE hFile, hMapping;
    VOID *pMem;

    if (argc < 2) {
        printf("Usage: PESetASLR.exe <file>\n");
        return 1;
    }
    /* map the whole file read/write so the header edit is written back to disk */
    hFile = CreateFile(argv[1], GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, 0, NULL);
    if (hFile != INVALID_HANDLE_VALUE) {
        hMapping = CreateFileMapping(hFile, NULL, PAGE_READWRITE, 0, 0, NULL);
        if (hMapping) {
            pMem = MapViewOfFile(hMapping, FILE_MAP_WRITE, 0, 0, 0);
            if (pMem) {
                ProcessFile(hFile, pMem);
                FlushViewOfFile(pMem, 0);
                UnmapViewOfFile(pMem);
            } else
                printf("MapViewOfFile error\n");
            CloseHandle(hMapping);
        } else
            printf("FileMapping error\n");
        CloseHandle(hFile);
    } else
        printf("File open error\n");
    return 0;
}

int ProcessFile(HANDLE hFile, PBYTE pMem)
{
    PIMAGE_DOS_HEADER pDosHdr;
    PIMAGE_NT_HEADERS32 pNTHeader;   /* explicit 32-bit view, also correct in a 64-bit build */
    PIMAGE_NT_HEADERS64 pNTHeader64;
    DWORD nRelocs;
    BOOL bIs64Bit;

    (void)hFile;   /* everything is reached through the mapped view */
    pDosHdr = (PIMAGE_DOS_HEADER)pMem;
    if (pDosHdr->e_magic != IMAGE_DOS_SIGNATURE) {
        printf("not a DOS/PE file\n");
        return 1;
    }
    pNTHeader = (PIMAGE_NT_HEADERS32)(pMem + pDosHdr->e_lfanew);
    if (pNTHeader->Signature != IMAGE_NT_SIGNATURE) {
        printf("missing PE signature\n");
        return 1;
    }
    pNTHeader64 = (PIMAGE_NT_HEADERS64)pNTHeader;
    /* DllCharacteristics sits at the same offset in PE32 and PE32+ optional headers */
    if (pNTHeader->OptionalHeader.DllCharacteristics & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE) {
        printf("ASLR bit already set\n");
        return 1;
    }
    /* the data directory does not, so pick the matching layout for the reloc lookup */
    bIs64Bit = (pNTHeader->OptionalHeader.Magic == IMAGE_NT_OPTIONAL_HDR64_MAGIC);
    if (bIs64Bit)
        nRelocs = pNTHeader64->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size;
    else
        nRelocs = pNTHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_BASERELOC].Size;
    /* without relocations the loader cannot rebase the image, so the bit would be meaningless */
    if (!nRelocs) {
        printf("missing reloc section\n");
        return 2;
    }
    pNTHeader->OptionalHeader.DllCharacteristics |= IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE;
    printf("ASLR bit set\n");
    return 0;
}
« Last Edit: February 19, 2013, 06:27:30 pm by timovjl »
May the source be with you

Tino

  • Guest
Re: ASLR ?
« Reply #4 on: February 19, 2013, 02:18:58 pm »
Thank you very much timo ! :) :) :)

Works perfectly !

Offline frankie

  • Global Moderator
  • Member
  • *****
  • Posts: 1732
Re: ASLR ?
« Reply #5 on: February 20, 2013, 02:43:37 pm »
To produce ASLR executables set the linker switch "/FIXED:NO", then use Timo's program to turn on the IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE flag in the PE OptionalHeader's DllCharacteristics field.
If Pelle ever introduces the linker switch /DYNAMICBASE this would be done automatically.
I also suggest using the /NXCOMPAT linker switch to remove execute permission from data segments (first of all the stack).
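The replies above describe three things a binary needs before Windows will actually randomize it: the DYNAMIC_BASE bit (0x0040) in DllCharacteristics, a base-relocation directory (hence /FIXED:NO), and, for DEP, the NX_COMPAT bit (0x0100). The following checker is an added example written for this thread, not code from the forum or from Pelles C. It parses the PE headers by raw offset without windows.h, so it can audit a build output from any platform, and it treats DYNAMIC_BASE as effective only when relocations are present. The function and struct names (pe_check_mitigations, build_sample_pe, image_verdict, sample_verdict) are my own, and the sample images it checks are constructed header-only skeletons, not loadable executables.

```c
/* pe_mitigation_check.c - added example, not code from the thread.
 * Reads the PE optional header by offset (no windows.h) and reports whether
 * DYNAMIC_BASE and NX_COMPAT are set and whether a .reloc directory exists. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DLLCHAR_DYNAMIC_BASE 0x0040u   /* IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE */
#define DLLCHAR_NX_COMPAT    0x0100u   /* IMAGE_DLLCHARACTERISTICS_NX_COMPAT   */
#define PE32_MAGIC     0x010b
#define PE32PLUS_MAGIC 0x020b

typedef struct {
    int      is_64;          /* PE32+ (0x20b) rather than PE32 (0x10b) */
    uint16_t dll_chars;      /* raw DllCharacteristics word */
    uint32_t reloc_size;     /* DataDirectory[5].Size, 0 if absent */
    int      aslr_effective; /* DYNAMIC_BASE set AND relocations present */
    int      nx_compat;      /* NX_COMPAT set */
} pe_mitigations;

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8); }
static void wr32(uint8_t *p, uint32_t v) { wr16(p, (uint16_t)v); wr16(p + 2, (uint16_t)(v >> 16)); }

/* Parse the headers in buf. Returns 0 on success, -1 if buf is not a PE image. */
int pe_check_mitigations(const uint8_t *buf, size_t len, pe_mitigations *out)
{
    memset(out, 0, sizeof *out);
    if (len < 0x40 || rd16(buf) != 0x5a4d)                 /* "MZ" */
        return -1;
    uint32_t e_lfanew = rd32(buf + 0x3c);
    /* PE signature (4) + COFF header (20) + optional header through DllCharacteristics (72) */
    if (e_lfanew >= len || len - e_lfanew < 4 + 20 + 72)
        return -1;
    const uint8_t *nt = buf + e_lfanew;
    if (rd32(nt) != 0x00004550u)                            /* "PE\0\0" */
        return -1;
    const uint8_t *opt = nt + 4 + 20;
    size_t dd_off = 0;                                      /* offset of DataDirectory[] */
    switch (rd16(opt)) {
    case PE32_MAGIC:     dd_off = 96;  break;
    case PE32PLUS_MAGIC: dd_off = 112; out->is_64 = 1; break;
    default:             return -1;
    }
    out->dll_chars = rd16(opt + 70);   /* same offset in PE32 and PE32+ */
    /* Base relocations are directory entry 5 (RVA, Size). Only read it when the
       header is long enough and NumberOfRvaAndSizes says the entry exists. */
    if (len - e_lfanew >= 4 + 20 + dd_off + 6 * 8) {
        uint32_t num_dirs = rd32(opt + (out->is_64 ? 108 : 92));
        if (num_dirs > 5)
            out->reloc_size = rd32(opt + dd_off + 5 * 8 + 4);
    }
    out->nx_compat      = (out->dll_chars & DLLCHAR_NX_COMPAT) != 0;
    out->aslr_effective = (out->dll_chars & DLLCHAR_DYNAMIC_BASE) != 0 && out->reloc_size != 0;
    return 0;
}

/* Verdict bitmask for a whole file image: -1 not PE; else 1 = ASLR effective,
   2 = NX compat, 4 = PE32+. */
int image_verdict(const uint8_t *buf, size_t len)
{
    pe_mitigations m;
    if (pe_check_mitigations(buf, len, &m) != 0) return -1;
    return (m.aslr_effective ? 1 : 0) | (m.nx_compat ? 2 : 0) | (m.is_64 ? 4 : 0);
}

/* Constructed sample: header-only PE skeleton (not loadable) with the given
   bitness, DllCharacteristics and relocation directory size. Returns bytes written. */
size_t build_sample_pe(uint8_t *buf, size_t cap, int is64, uint16_t dll_chars, uint32_t reloc_size)
{
    size_t opt_size = (is64 ? 112 : 96) + 16 * 8;
    size_t total = 0x40 + 4 + 20 + opt_size;
    if (cap < total) return 0;
    memset(buf, 0, total);
    wr16(buf, 0x5a4d);
    wr32(buf + 0x3c, 0x40);                                 /* e_lfanew */
    wr32(buf + 0x40, 0x00004550u);
    uint8_t *opt = buf + 0x40 + 4 + 20;
    wr16(opt, is64 ? PE32PLUS_MAGIC : PE32_MAGIC);
    wr16(opt + 70, dll_chars);
    wr32(opt + (is64 ? 108 : 92), 16);                      /* NumberOfRvaAndSizes */
    wr32(opt + (is64 ? 112 : 96) + 5 * 8 + 4, reloc_size);  /* DataDirectory[5].Size */
    return total;
}

/* Build a sample and return its verdict (see image_verdict). */
int sample_verdict(int is64, uint16_t dll_chars, uint32_t reloc_size)
{
    uint8_t buf[512];
    size_t n = build_sample_pe(buf, sizeof buf, is64, dll_chars, reloc_size);
    return n ? image_verdict(buf, n) : -1;
}

int main(void)
{
    /* DYNAMIC_BASE set but no relocations (a /FIXED image): the bit alone buys nothing */
    printf("PE32  0x0040 no relocs : %d\n", sample_verdict(0, 0x0040, 0));
    printf("PE32  0x0140 relocs    : %d\n", sample_verdict(0, 0x0140, 0x200));
    printf("PE32+ 0x0140 relocs    : %d\n", sample_verdict(1, 0x0140, 0x200));
    return 0;
}
```

To audit a real build, read the .exe into memory and pass it to image_verdict; a result of 3 (or 7 for a 64-bit image) means both /DYNAMICBASE-style and /NXCOMPAT-style opt-ins are present and relocations were kept, which is the combination the MSDN note quoted earlier asks for.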

Tino

  • Guest
Re: ASLR ?
« Reply #6 on: February 21, 2013, 07:44:56 am »
Thank you frankie :)

Feature request created http://forum.pellesc.de/index.php?topic=5192.0

Have fun :)