Enable ASLR and DEP in NSIS Script

Collapse
X
Collapse
 
  • Page of 1
  • Filter
  • Time
  • Show
Clear All
new posts
Previous template Next
  • hccbharath
    Junior Member
    • Sep 2022
    • 1
    #1

    Enable ASLR and DEP in NSIS Script

    Hi All,

    I am using the NSIS script to generate a '.exe' file. The generated '.exe' file fails the security review as the '.exe' doesn't have the ASLR and DEP values enabled when using the following
    command "Get-PESecurity'

    Could someone help me to understand how to get those enabled which generate the executables?

    Any help would be appreciated
    Tags: aslr, dep
  • Anders
    Moderator
    • Jun 2002
    • 5643
    #2
    I don't know what "Get-PESecurity" is but we are already setting those flags.

    PHP Code:
    #For testing, uncomment this: PEDllCharacteristics 0x0040 0x100 ; Force ASLR on and DEP off
    Section
    System    ::Call 'KERNEL32::GetModuleHandle(p0)p.r1'
    ReadMemory $$1 0x3C000004
    IntPtrOp     $$+ $PE
    IntPtrOp     $$24 IOH
    IntPtrOp     $$70 DllCharacteristics
    ReadMemory     $$2 4
    !macro testflag n f
            !include LogicLib.nsh
        StrCpy     $4 No
            ${IfThen} $& ${f} ${|} StrCpy $4 Yes ${|}
            DetailPrint "${n}: $4"
    !macroend
    !insertmacro testflag IMAGE_DLLCHARACTERISTICS_NX_COMPAT 0x0100 DEP
    !insertmacro testflag IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE 0x0040 ASLR
    !if "${NSIS_PTR_SIZE}4
    !insertmacro testflag IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA 0x0020 64-bit "extended" ASLR
    !endif

    DetailPrint ""
    !define PROCESS_DEP_ENABLE 0x00000001
    System    ::Call 'KERNEL32::GetCurrentProcess()p.r0'
    System::Call 'KERNEL32::GetProcessDEPPolicy(pr0, *i0r3, *i0r2)i.r0'
    DetailPrint "GetProcessDEPPolicy: Success=$0 Permanent=$2 Flags=$3"
    !insertmacro testflag PROCESS_DEP_ENABLE ${PROCESS_DEP_ENABLE}
    SectionEnd 
    IntOp $PostCount $PostCount + 1

    Comment

    Previous template Next
    Working...
    X