Protecting Your Code with Visual C++ Defenses
MSDN Magazine has just published an article I wrote that collects many of the various C and C++ defenses in the current Visual C++ compiler suite, all of these defenses are SDL requirements or recommendations.
Comments
Anonymous
March 17, 2008
PingBack from http://msdnrss.thecoderblogs.com/2008/03/17/protecting-your-code-with-visual-c-defenses/Anonymous
March 19, 2008
The comment has been removedAnonymous
March 19, 2008
Alex, you are totally correct. But in our experience, few people actual wrap ::new with an exception handler. So the app will quit!Anonymous
March 20, 2008
The article says: "#define _CRT_SECURE_COPP_OVERLOAD_STANDARD_NAMES 1" Is this a typo? I think it's supposed to be _CRT_SECURE_CPP_OVERLOAD_STANDARD_NAMES The same typo exists in http://blogs.msdn.com/michael_howard/archive/2005/02/03/366625.aspxAnonymous
March 24, 2008
Drew, I'll get it fixed - thanksAnonymous
April 05, 2008
Michael, I didn't know that ASLR is available for people outside MS as well. So how do I go about a Dr.Watson Log and my map files if I use /DynamicBase. Isn't then a map file just useless because my DLLs' preferred load addresses are ignored because I use ASLR? What happens if I have two processes that load the same DLLs, everything built with /DynamicBase. Will these two processes actually share the pages containing code in the DLLs or will they have different copies of these pages? Or did I miss something entirely?