Menu
For Windows 8 application certification, there are (among other) these requirements:
/SafeSEH flag to ensure safe exceptions handling/NXCOMPAT flag to prevent data execution/DYNAMICBASE flag for address space layout randomization (ASLR)I wasn't able to find out how to enable either of these in C++Builder XE.
For /NXCOMPAT and /DYNAMICBASE, one can use editbin.exe from VS or peflags.exe from Cygwin. Though I would feel more confident about possible side-effects, if there was native way to enable these.
Anyway, I'm totally at loss regarding /SafeSEH.
845
For details, see How to: Open Project Property Pages. Click the C/C++ folder. Click the Code Generation property page. Set Enable C++ Exceptions to Yes (/EHsc).
SafeSEH (Safe Structured Exception Handlers) is a Windows binary protection mechanism for 32-bit executables that has been around for a while now. When the option is enabled, the linker creates a list of valid exception handler addresses in the SEHandlerTable when the binary is being built.
Turn off SAFESEH by opening your project properties, going to Linker > Advanced and setting Image Has Safe Exception Handlers to No.
C++ try and catch:Exception handling in C++ consists of three keywords: try, throw and catch: The try statement allows you to define a block of code to be tested for errors while it is being executed. The throw keyword throws an exception when a problem is detected, which lets us create a custom error.
For the issue related to /NXCOMPAT and /DYNAMICBASE, I have created a request for the C++ Builder linker to support these flags here: https://quality.embarcadero.com/browse/RSP-13072
Using editbin.exe from Visual C++ is hardly an ideal solution, and their linker needs to support these flags natively.
UPDATE: An additional request has been created here for the C++ Builder / Delphi runtime files (DLLs/BPLs) to be distributed with these flags already set, so as to avoid having to use EDITBIN from Visual C++ to set them yourself: https://quality.embarcadero.com/browse/RSP-13231
21
First, /SafeSEH only applies to x86, not x64 or ARM. It requires that your compiler generate additional tables indicating the function addresses that are considered valid exception handlers for security reasons. There's a slim chance you could do this yourself, but it would require that you look at the fs:0 exception handling chain in your compiled assembly code and enumerate all addresses that are ever pushed on that chain, then describe them as documented here: http://msdn.microsoft.com/en-us/library/9a89h429(v=VS.80).aspx. There's a (slim) chance that your code doesn't actually have any handlers, and they're all in the C++Builder's runtime (might make it easy if the runtime is a separate DLL).
You should try to convince C++Builder to update their compiler to support SafeSEH. It's been around in the Windows platform since XP SP2, and plugs a pretty nasty security hole (exception handler addresses exist on the stack in x86, just waiting for a buffer overflow to put any random address there to be executed)
134
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
