Adobe Acrobat 9 - Creamy Security Goodness (on Vista / WS2008)
So I noticed yesterday that Adobe had quietly released Acrobat 9 to the web. I decided to download it and check it out to see if they had finally gotten a copy of the memo (it's just that we're putting cover sheets on all of our TPS reports now) and decided to start opting in to some of the exploit prevention technologies we provide on Vista / WS2008 (like Apple has with QuickTime).
Well folks - I am super pleased to report - Adobe has finally gotten serious and released a version of Acrobat that supports not only DEP in permanent mode - but also ASLR! (Now if we could just convince people that Vista isn't all the suck that the media hypes it up to be so that they would install it and get the benefit of ASLR).
So a huge round of applause for Adobe please - even though opting in to these features involves just a couple of additional linker switches - it's certainly not that easy in reality and could have involved switching compilers, performing lots of additional testing, working with 3rd parties to make sure their additions / plug-ins still work or will work, etc. etc.
Anyhoo - here are the gory details from the linker:
    C:\Program Files (x86)\Adobe\Reader 9.0\Reader>dumpbin /headers AcroRd32.exe
    Microsoft (R) COFF/PE Dumper Version 9.00.21022.08
    Copyright (C) Microsoft Corporation. All rights reserved.

    Dump of file AcroRd32.exe

    PE signature found

    File Type: EXECUTABLE IMAGE

    FILE HEADER VALUES
        14C machine (x86)
        5 number of sections
        4850F0A3 time date stamp Thu Jun 12 05:47:15 2008
        0 file pointer to symbol table
        0 number of symbols
        E0 size of optional header
        102 characteristics
            Executable
            32 bit word machine

    OPTIONAL HEADER VALUES
        10B magic # (PE32)
        8.00 linker version
        4000 size of code
        4F000 size of initialized data
        0 size of uninitialized data
        4054 entry point (00404054)
        1000 base of code
        5000 base of data
        400000 image base (00400000 to 00453FFF)
        1000 section alignment
        1000 file alignment
        4.00 operating system version
        0.00 image version
        4.00 subsystem version
        0 Win32 version
        54000 size of image
        1000 size of headers
        56920 checksum
        2 subsystem (Windows GUI)
        140 DLL characteristics
            Dynamic base // ASLR! W00T!!!
            NX compatible // DEP (Permanent) W00T!!!
        100000 size of stack reserve
        1000 size of stack commit
        100000 size of heap reserve
        1000 size of heap commit
        0 loader flags
        10 number of directories
        0 [ 0] RVA [size] of Export Directory
        795C [ 8C] RVA [size] of Import Directory
        A000 [ 48F54] RVA [size] of Resource Directory
        0 [ 0] RVA [size] of Exception Directory
        54000 [ 1568] RVA [size] of Certificates Directory
        53000 [ 69C] RVA [size] of Base Relocation Directory
        5270 [ 1C] RVA [size] of Debug Directory
        0 [ 0] RVA [size] of Architecture Directory
        0 [ 0] RVA [size] of Global Pointer Directory
        0 [ 0] RVA [size] of Thread Storage Directory
        71E0 [ 40] RVA [size] of Load Configuration Directory
        0 [ 0] RVA [size] of Bound Import Directory
        5000 [ 234] RVA [size] of Import Address Table Directory
        0 [ 0] RVA [size] of Delay Import Directory
        0 [ 0] RVA [size] of COM Descriptor Directory
        0 [ 0] RVA [size] of Reserved Directory
Comments
Anonymous
January 01, 2003
... I leave it to you to give an answer, after reading the two posts that I propose below. The first is