Compatibility testing: DEP, ASLR, SEHOP

Started by Jeremy Collake, July 28, 2012, 03:48:36 AM


Jeremy Collake

Thanks to Microsoft's new Enhanced Mitigation Experience Toolkit v3.0, developers (and users) can further secure their systems by forcing certain technologies on. For instance, you can now not only configure your PC to always check processes for DEP, but also force SEHOP. Why turn this on? Well, it protects your Structured Exception Handler chain from being overwritten, which is the backing method for a large number of recent exploits (now that buffer overflows have largely been taken care of).

Process Lasso runs perfectly with DEP (Data Execution Protection - hardware and/or software based) and SEHOP (Structured Exception Handler Overwrite Protection). It also works with ASLR (Address Space Layout Randomization) and SAFESEH (Defined SEH Handlers Only Allowed), though not all builds yet make use of these latter two technologies since a single module not supporting them disables them for the whole process instance. Still, as we migrate to a certain game plan, we'll be further hardening even our application against any sort of malicious attacks. Third-party vendors often overlook their own software as a breachable point in the OS, and we're determined not to do that.
Software Engineer. Bitsum LLC.
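
The post mentions modules that do not support ASLR holding back the rest of a process. One way to audit which modules opt in is to read the `DllCharacteristics` field of each PE header; the sketch below is an added example, not code from the original post or from Bitsum, and the module names and header-only images in it are constructed. SafeSEH is recorded in the load configuration directory and SEHOP is a system or per-process setting, so neither is checked here.

```python
import struct

# PE optional-header DllCharacteristics bits (PE/COFF specification)
DYNAMIC_BASE = 0x0040   # module opts in to ASLR (/DYNAMICBASE)
NX_COMPAT    = 0x0100   # module opts in to DEP (/NXCOMPAT)
NO_SEH       = 0x0400   # module uses no structured exception handlers

def dll_characteristics(image: bytes) -> int:
    """Return the DllCharacteristics field of a PE image, or raise ValueError."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    opt = e_lfanew + 4 + 20            # skip "PE\0\0" and the 20-byte COFF header
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0" or len(image) < opt + 72:
        raise ValueError("missing or truncated PE header")
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (0x10B, 0x20B):    # PE32 / PE32+
        raise ValueError("unknown optional-header magic")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+ optional headers
    return struct.unpack_from("<H", image, opt + 70)[0]

def mitigation_optins(image: bytes) -> dict:
    flags = dll_characteristics(image)
    return {"ASLR": bool(flags & DYNAMIC_BASE),
            "DEP": bool(flags & NX_COMPAT),
            "NO_SEH": bool(flags & NO_SEH)}

def modules_lacking(modules: dict, mitigation: str) -> list:
    """Names of modules whose header does not opt in to the given mitigation."""
    return sorted(n for n, img in modules.items()
                  if not mitigation_optins(img)[mitigation])

def _fake_pe(flags: int, magic: int = 0x10B) -> bytes:
    """Constructed header-only image for the demo (not a loadable file)."""
    img = bytearray(0x80 + 4 + 20 + 72)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", img, 0x80 + 24, magic)
    struct.pack_into("<H", img, 0x80 + 24 + 70, flags)
    return bytes(img)

# Constructed sample: a module set in which one legacy DLL lacks the opt-ins
SAMPLE = {"app.exe": _fake_pe(DYNAMIC_BASE | NX_COMPAT),
          "helper.dll": _fake_pe(DYNAMIC_BASE | NX_COMPAT, magic=0x20B),
          "legacy_plugin.dll": _fake_pe(0)}

if __name__ == "__main__":
    for mit in ("ASLR", "DEP"):
        print(mit, "missing in:", modules_lacking(SAMPLE, mit))
```

To audit real binaries, pass the bytes of each file (for example `open(path, "rb").read()`) in place of the constructed images.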