Partilhar via


Protecting Your Code with Visual C++ Defenses

MSDN Magazine has just published an article I wrote that collects many of the various C and C++ defenses in the current Visual C++ compiler suite, all of these defenses are SDL requirements or recommendations.

Comments

  • Anonymous
    March 17, 2008
    PingBack from http://msdnrss.thecoderblogs.com/2008/03/17/protecting-your-code-with-visual-c-defenses/

  • Anonymous
    March 19, 2008
    The comment has been removed

  • Anonymous
    March 19, 2008
    Alex, you are totally correct. But in our experience, few people actual wrap ::new with an exception handler. So the app will quit!

  • Anonymous
    March 20, 2008
    The article says: "#define _CRT_SECURE_COPP_OVERLOAD_STANDARD_NAMES 1" Is this a typo? I think it's supposed to be _CRT_SECURE_CPP_OVERLOAD_STANDARD_NAMES The same typo exists in http://blogs.msdn.com/michael_howard/archive/2005/02/03/366625.aspx

  • Anonymous
    March 24, 2008
    Drew, I'll get it fixed - thanks

  • Anonymous
    April 05, 2008
    Michael, I didn't know that ASLR is available for people outside MS as well. So how do I go about a Dr.Watson Log and my map files if I use /DynamicBase. Isn't then a map file just useless because my DLLs' preferred load addresses are ignored because I use ASLR? What happens if I have two processes that load the same DLLs, everything built with /DynamicBase. Will these two processes actually share the pages containing code in the DLLs or will they have different copies of these pages? Or did I miss something entirely?