AGB  ·  Datenschutz  ·  Impressum  







Anmelden
Nützliche Links
Registrieren
Zurück Delphi-PRAXiS Delphi-PRAXiS - Lounge Delphi-News aus aller Welt RAD Studio 11.1 and Windows PE Security Flags
Thema durchsuchen
Ansicht
Themen-Optionen

RAD Studio 11.1 and Windows PE Security Flags

Ein Thema von DP News-Robot · begonnen am 25. Mär 2022
Antwort Antwort
Benutzerbild von DP News-Robot
DP News-Robot

Registriert seit: 4. Jun 2010
15.473 Beiträge
 
#1

RAD Studio 11.1 and Windows PE Security Flags

  Alt 25. Mär 2022, 11:30
Delphi has long had some support for ASLR and some of the other recommended Windows security flags. In the recent 11.1 release, Embarcadero made it easier to use those flags in both Delphi and C++Builder, by surfacing specific linker options, enabling them by default, and also building packages and applications that are part of RAD Studio with those flags enabled.

More on these Windows*PE Flags

Data Execution Prevention (DEP)

Allows the system to mark one or more pages of memory as non-executable preventing code from running from these regions of memory, making it harder to exploit buffer overruns. You can read more about it in the Microsoft documentation here.

Address Space Layout Randomization (ASLR)

Randomly arranges the address space positions of key data areas of a process, including the base of the executable and the positions of the stack, heap and libraries. Prevents exploitation of memory corruption vulnerabilities. You can read more about ASLR on Wikipedia.

High-entropy 64-bit ASLR (Only in 64-bit applications)

Allows ASLR to use the entire 64-bit address space, as you can read here.

Terminal Services

Create Terminal Server aware (TSAWARE) applications. This is not related with security and covered by Microsoft here.

RAD Studio Improved Support

While compiler flags existed before, the RAD Studio IDE now exposes these flags as linker options. You can see below the settings for Delphi and C++ Windows compilers (thanks for the images to Jim McKeeth)





A Couple*of Caveats

The*ASLR compiler configuration works as expected for Delphi applications that use runtime package. For programs that link in libraries in the executable, there is a conflict with the way programs refer to delayed loaded DLL functions, which is preventing the expected behavior. This is an issue Embarcadero found after the release and would provide a fix for in the (near) future.

As you can see below, for an app with runtime packages, you get the proper configuration, as shown by SysInternals Process Explorer:



In general notice that these flags enforce security and there is a chance that an application using low-level code might not work any more. For example, we discovered that some old ActiveX control don't work in the IDE any more, due to a conflict with the DEP flag.

If you see any issue in your applications, you can disable these flags, but we recommend looking into the underlying issue, as some companies as starting to require that all of the software they use is built with all of the Microsoft recommended security flags enabled.



Weiterlesen...
  Mit Zitat antworten Zitat
Antwort Antwort


Forumregeln

Es ist dir nicht erlaubt, neue Themen zu verfassen.
Es ist dir nicht erlaubt, auf Beiträge zu antworten.
Es ist dir nicht erlaubt, Anhänge hochzuladen.
Es ist dir nicht erlaubt, deine Beiträge zu bearbeiten.

BB-Code ist an.
Smileys sind an.
[IMG] Code ist an.
HTML-Code ist aus.
Trackbacks are an
Pingbacks are an
Refbacks are aus

Gehe zu:

Impressum · AGB · Datenschutz · Nach oben
Alle Zeitangaben in WEZ +1. Es ist jetzt 22:04 Uhr.
Powered by vBulletin® Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
LinkBacks Enabled by vBSEO © 2011, Crawlability, Inc.
Delphi-PRAXiS (c) 2002 - 2023 by Daniel R. Wolf, 2024 by Thomas Breitkreuz