在C ++ Builder中启用安全异常处理 [英] Enable Safe Exception Handling in C++ Builder

问题描述

对于Windows 8应用程序认证，有（以及其他）这些要求：

For Windows 8 application certification, there are (among other) these requirements:

• 3.2您的应用程序必须使用 / SafeSEH 标志以确保安全的异常处理


• 3.3您的应用程序必须使用 / NXCOMPAT 标志以防止数据执行


• 3.4您的应用程序必须使用 / DYNAMICBASE 标记进行编译，用于地址空间布局随机化（ASLR ）

• 3.2 Your app must be compiled using the /SafeSEH flag to ensure safe exceptions handling
• 3.3 Your app must be compiled using the /NXCOMPAT flag to prevent data execution
• 3.4 Your app must be compiled using the /DYNAMICBASE flag for address space layout randomization (ASLR)

我无法找到如何在C ++ Builder XE中启用其中的任何一个。

I wasn't able to find out how to enable either of these in C++Builder XE.

对于 / NXCOMPAT 和 / DYNAMICBASE ，可以使用 editbin.exe 从VS或 peflags.exe 从Cygwin。虽然我会对可能的副作用感到更有信心，如果有本土的方式启用这些。

For /NXCOMPAT and /DYNAMICBASE, one can use editbin.exe from VS or peflags.exe from Cygwin. Though I would feel more confident about possible side-effects, if there was native way to enable these.

无论如何，我完全失去了 / SafeSEH 。

Anyway, I'm totally at loss regarding /SafeSEH.

推荐答案

首先，/ SafeSEH仅适用于x86，而不适用于x64或ARM。它需要您的编译器生成额外的表，指示由于安全原因被认为是有效的异常处理程序的函数地址。有一个很小的机会，你可以自己做这个，但它需要你看看你编译的汇编代码中的 fs：0 异常处理链，并枚举所有的地址推送到那个链上，然后在这里描述它们： http://msdn.microsoft.com/en-us/library/9a89h429（v = VS.80）.aspx 。你的代码实际上并没有任何处理程序（这是一个很小的机会），它们都在C ++ Builder的运行时间（如果运行时是一个单独的DLL，可能会很容易）。

First, /SafeSEH only applies to x86, not x64 or ARM. It requires that your compiler generate additional tables indicating the function addresses that are considered valid exception handlers for security reasons. There's a slim chance you could do this yourself, but it would require that you look at the fs:0 exception handling chain in your compiled assembly code and enumerate all addresses that are ever pushed on that chain, then describe them as documented here: http://msdn.microsoft.com/en-us/library/9a89h429(v=VS.80).aspx. There's a (slim) chance that your code doesn't actually have any handlers, and they're all in the C++Builder's runtime (might make it easy if the runtime is a separate DLL).

您应该尝试说服C ++ Builder更新其编译器以支持SafeSEH。它已经在Windows XP平台上，因为XP SP2，并插入了一个非常讨厌的安全漏洞（异常处理程序地址存在于x86中的堆栈，只是等待缓冲区溢出将任何随机地址放在那里执行）

You should try to convince C++Builder to update their compiler to support SafeSEH. It's been around in the Windows platform since XP SP2, and plugs a pretty nasty security hole (exception handler addresses exist on the stack in x86, just waiting for a buffer overflow to put any random address there to be executed)

这篇关于在C ++ Builder中启用安全异常处理的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！