Protecting Your Code with Visual C++ Defenses


MSDN Magazine has just published an article I wrote that collects many of the various C and C++ defenses in the current Visual C++ compiler suite, all of these defenses are SDL requirements or recommendations.

Comments (6)

  1. Alex says:

    Michael, thanks for the article.

    I have one question though. Your article says that all C++ compiler defences terminate the program if they fail. However from assembly code for operator new it looks like this one won’t actually kill the process but rather throw bad_alloc. Is that the case?

  2. Alex, you are totally correct. But in our experience, few people actual wrap ::new with an exception handler. So the app will quit!

  3. Drew says:

    The article says:

    "#define _CRT_SECURE_COPP_OVERLOAD_STANDARD_NAMES 1"

    Is this a typo? I think it’s supposed to be _CRT_SECURE_CPP_OVERLOAD_STANDARD_NAMES

    The same typo exists in http://blogs.msdn.com/michael_howard/archive/2005/02/03/366625.aspx

  4. Drew, I’ll get it fixed – thanks

  5. Stefan Kuhr says:

    Michael,

    I didn’t know that ASLR is available for people outside MS as well. So how do I go about a Dr.Watson Log and my map files if I use /DynamicBase. Isn’t then a map file just useless because my DLLs’ preferred load addresses are ignored because I use ASLR? What happens if I have two processes that load the same DLLs, everything built with /DynamicBase. Will these two processes actually share the pages containing code in the DLLs or will they have different copies of these pages? Or did I miss something entirely?

Skip to main content