welcome aloishammer
i'm afraid i'm totally ignorant about ASLR and Perma-DEP. could you point me to something gentle i could read and maybe elaborate a little on why you think this would be useful?
-mouser
I don't know what you'd consider "gentle". Microsoft seems to have gone out of their way to confuse anyone attempting to use either CPU-based or compiler-based software protection techniques.
There's an MSDN article
here that explains some of the code protection techniques MSVC offers. Unfortunately, Microsoft can't decide whether it's Address Space Layout Randomization (ASLR) or "dynamic base" or "image randomization". Also, while they differentiate between the NX execute-protection CPU instruction and "SafeSEH" in the article, Windows does
not. Windows offers "Data Execution Prevention", occasionally calls it NX (as in the NT6 bootloader), and combines both NX and "SafeSEH" for anything selected for protection with "DEP".
Wikipedia may actually be a considerably better reference:
http://en.wikipedia....Execution_Preventionhttp://en.wikipedia....on#Microsoft_WindowsThe extremely short version I can offer: the NX instruction is used to mark memory ranges as non-executable; if someone successfully inserts malicious instructions into an NX-marked data (non-code) area and successfully sets the instruction pointer there, the CPU should throw an exception and refuse to execute the non-code.
SafeSEH is next to worthless, but very good at breaking applications that weren't compiled for it. This is why "DEP" was introduced in WinXPSP2, but Win7 still doesn't enable it by default, and I assume 7SP1 won't, either.
ASLR, depending on exact implementation (Windows' is partial for performance reasons), can place various code *and* data into totally random memory address ranges. This way, anyone successfully injecting malicious code into the in-RAM, executing image of your app will either be unable to reliably predict where the malicious code went, and thus be unable to set the instruction pointer to it, or will have to work considerably harder to locate and execute it.
These are the two big ones: the MSDN article mentions one or two other code protection techniques (mostly free just by enabling switches in MSVC), but most focus ends up on "DEP", NX, ASLR.
Major caveat: ASLR on Win32 gives you only a 3.2-3.5GB address space to search, so it's very close to not worth doing. This is part of the reason I'm asking for a native Win64 build.
Wrap-up: assuming you're using MSVC, and at least 2005SP1, or that you can/could build with MSVC Express (free), NX, ASLR, and the other techniques mentioned in the MSDN article are effectively free; it should be a matter of switching on flags when building your project.
Postscript: From my testing, I don't think you'd need any recoding. I've been experimenting with Microsoft's
EMET 2.0 release: FARR2 and DCU are reported as running with full EMET-enforced protections and display no abnormalities.