Heap randomization in Windows


Problem description

Windows 7 has heap randomization and stack randomization features. How could I manage them? How do they affect the performance of my application? Where could I find more information on how they work?

I'm using Visual Studio 2008 for developing C++ programs. I can't find any compiler options for those features.

Recommended answer

OK, heap randomization and stack randomization are Windows features, but they have to be explicitly enabled for each process at link time. Mark Russinovich described how it works in the 5th edition of his Windows Internals book.

Stack randomization consists of first selecting one of 32 possible stack locations separated by either 64 KB or 256 KB. This base address is selected by finding the first appropriate free memory region and then choosing the xth available region, where x is once again generated based on the current processor's TSC shifted and masked into a 5-bit value.<...>

Finally, ASLR randomizes the location of the initial process heap (and subsequent heaps) when created in user mode. The RtlCreateHeap function uses another pseudo-random, TSC-derived value to determine the base address of the heap. This value, 5 bits this time, is multiplied by 64 KB to generate the final base address, starting at 0, giving a possible range of 0x00000000 to 0x001F0000 for the initial heap. Additionally, the range before the heap base address is manually deallocated in an attempt to force an access violation if an attack is doing a brute-force sweep of the entire possible heap address range.
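
The link-time opt-in mentioned in the answer is recorded in the PE optional header's DllCharacteristics field: the Visual Studio linker option /DYNAMICBASE sets the IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE bit (0x0040). The Python script below is an added example, not part of the original answer or the book; it reads that bit so a built binary can be audited, and the function names and the `build_sample` header are constructed for illustration.

```python
import struct
import sys

# Bits of IMAGE_OPTIONAL_HEADER.DllCharacteristics (winnt.h)
DYNAMIC_BASE = 0x0040  # image opted in to ASLR (linker /DYNAMICBASE)
NX_COMPAT = 0x0100     # image opted in to DEP (linker /NXCOMPAT)

def dll_characteristics(image: bytes) -> int:
    """Return DllCharacteristics from a PE image, validating headers on the way."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("no MZ header")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)       # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0" or pe_off + 24 > len(image):
        raise ValueError("no PE signature")
    (opt_size,) = struct.unpack_from("<H", image, pe_off + 20)
    opt_off = pe_off + 24                                    # optional header start
    if opt_size < 72 or opt_off + 72 > len(image):
        raise ValueError("optional header too short")
    (magic,) = struct.unpack_from("<H", image, opt_off)
    if magic not in (0x10B, 0x20B):                          # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    # DllCharacteristics sits at offset 70 in both the PE32 and PE32+ layouts.
    return struct.unpack_from("<H", image, opt_off + 70)[0]

def aslr_report(image: bytes) -> dict:
    """Summarise the two exploit-mitigation opt-in bits of an image."""
    flags = dll_characteristics(image)
    return {"dynamic_base": bool(flags & DYNAMIC_BASE),
            "nx_compat": bool(flags & NX_COMPAT)}

def build_sample(flags: int, pe32_plus: bool = False) -> bytes:
    """Constructed sample: just enough header for the parser, not a loadable image."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)     # e_lfanew -> 0x40
    machine = 0x8664 if pe32_plus else 0x14C
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 72, 0x0102)
    opt = struct.pack("<H", 0x20B if pe32_plus else 0x10B) + b"\0" * 68
    return dos + coff + opt + struct.pack("<H", flags)

if __name__ == "__main__":
    # With a path argument, audit that file; otherwise use the constructed samples.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(sys.argv[1], aslr_report(fh.read()))
    else:
        print("opted in: ", aslr_report(build_sample(DYNAMIC_BASE | NX_COMPAT)))
        print("opted out:", aslr_report(build_sample(0)))
```

Run it with the path of an .exe or .dll to see whether the image was linked with the opt-in; a `dynamic_base` of `False` means the image itself did not request randomization.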
