Adobe Acrobat 9 - Creamy Security Goodness (on Vista / WS2008)

So I noticed yesterday that Adobe had quietly released Acrobat 9 to the web. I decided to download it and check it out to see if they had finally gotten a copy of the memo (it's just that we're putting cover sheets on all of our TPS reports now) and decided to start opting in to some of the exploit prevention technologies we provide on Vista / WS2008 (like Apple has with QuickTime).

Well folks - I am super pleased to report - Adobe has finally gotten serious and released a version of Acrobat that supports not only DEP in permanent mode - but also ASLR!  (Now if we could just convince people that Vista isn't all the suck that the media hypes it up to be so that they would install it and get the benefit of ASLR).

So a huge round of applause for Adobe please - even though opting in to these features involves just a couple of additional linker switches - it's certainly not that easy in reality and could have involved switching compilers, performing lots of additional testing, working with 3rd parties to make sure their additions / plug-ins still work or will work, etc. etc.

Anyhoo - here are the gory details from the linker:
C:\Program Files (x86)\Adobe\Reader 9.0\Reader>dumpbin /headers AcroRd32.exe
Microsoft (R) COFF/PE Dumper Version 9.00.21022.08
Copyright (C) Microsoft Corporation. All rights reserved.

Dump of file AcroRd32.exe

PE signature found

File Type: EXECUTABLE IMAGE

FILE HEADER VALUES
             14C machine (x86)
               5 number of sections
        4850F0A3 time date stamp Thu Jun 12 05:47:15 2008
               0 file pointer to symbol table
               0 number of symbols
              E0 size of optional header
             102 characteristics
                   Executable
                   32 bit word machine

OPTIONAL HEADER VALUES
             10B magic # (PE32)
            8.00 linker version
            4000 size of code
           4F000 size of initialized data
               0 size of uninitialized data
            4054 entry point (00404054)
            1000 base of code
            5000 base of data
          400000 image base (00400000 to 00453FFF)
            1000 section alignment
            1000 file alignment
            4.00 operating system version
            0.00 image version
            4.00 subsystem version
               0 Win32 version
           54000 size of image
            1000 size of headers
           56920 checksum
               2 subsystem (Windows GUI)
             140 DLL characteristics
                   Dynamic base // ASLR! W00T!!!
                   NX compatible // DEP (Permanent) W00T!!!
          100000 size of stack reserve
            1000 size of stack commit
          100000 size of heap reserve
            1000 size of heap commit
               0 loader flags
              10 number of directories
               0 [ 0] RVA [size] of Export Directory
            795C [ 8C] RVA [size] of Import Directory
            A000 [ 48F54] RVA [size] of Resource Directory
               0 [ 0] RVA [size] of Exception Directory
           54000 [ 1568] RVA [size] of Certificates Directory
           53000 [ 69C] RVA [size] of Base Relocation Directory
            5270 [ 1C] RVA [size] of Debug Directory
               0 [ 0] RVA [size] of Architecture Directory
               0 [ 0] RVA [size] of Global Pointer Directory
               0 [ 0] RVA [size] of Thread Storage Directory
            71E0 [ 40] RVA [size] of Load Configuration Directory
               0 [ 0] RVA [size] of Bound Import Directory
            5000 [ 234] RVA [size] of Import Address Table Directory
               0 [ 0] RVA [size] of Delay Import Directory
               0 [ 0] RVA [size] of COM Descriptor Directory
               0 [ 0] RVA [size] of Reserved Directory
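
The same check without dumpbin, as an added example that is not part of the original post: a small Python parser that reads the "DLL characteristics" field straight from the PE headers. The function names and the header-only sample image are constructed for illustration (the sample reuses the header values from the dump above), and the relocation check is an extra the post does not perform.

```python
import struct
import sys

# Bit values from the PE/COFF specification.
DYNAMIC_BASE = 0x0040      # DllCharacteristics: ASLR opt-in (/DYNAMICBASE)
NX_COMPAT = 0x0100         # DllCharacteristics: DEP opt-in (/NXCOMPAT)
RELOCS_STRIPPED = 0x0001   # FileHeader.Characteristics: no base relocations

def mitigation_flags(image: bytes) -> dict:
    """Report the ASLR/DEP opt-in bits stored in a PE image's headers."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)           # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    if len(image) < pe_off + 24 + 72:
        raise ValueError("truncated headers")
    opt_size, file_chars = struct.unpack_from("<HH", image, pe_off + 20)
    opt = pe_off + 24                                           # optional header
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic not in (0x10B, 0x20B) or opt_size < 72:
        raise ValueError("unsupported optional header")
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+.
    (dll_chars,) = struct.unpack_from("<H", image, opt + 70)
    relocs_stripped = bool(file_chars & RELOCS_STRIPPED)
    return {
        "dll_characteristics": dll_chars,
        "dep": bool(dll_chars & NX_COMPAT),
        # An image without relocations cannot be rebased even if it opts in.
        "aslr": bool(dll_chars & DYNAMIC_BASE) and not relocs_stripped,
        "relocs_stripped": relocs_stripped,
    }

def build_sample(dll_chars: int = 0x140, file_chars: int = 0x102) -> bytes:
    """Constructed header-only image using the values dumpbin printed above."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)        # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 5, 0x4850F0A3, 0, 0, 0xE0, file_chars)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                       # PE32 magic
    struct.pack_into("<H", opt, 70, dll_chars)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    # With a path argument, inspect that file; otherwise use the constructed sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    print(mitigation_flags(data))
```

Run it with a path to an EXE or DLL to audit a real binary; a value of 0x140 corresponds to the two lines flagged in the dump above.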

Comments

  • Anonymous
    January 01, 2003
    ... I'll leave it to you to give an answer, after reading the two posts I offer you below. The first is