Search found 1951 matches

by deltarho[1859]
Oct 13, 2019 5:20
Forum: General
Topic: ASLR
Replies: 63
Views: 1113

Re: ASLR

I have been busy for a few days but came back to consider Maybe you could also vary the location in memory yourself a bit. E.g. at a random position within a 1000 bytes allocated? I have a function, used in Encrypternet, which employs CBC-MAC AES 128 on an 8KB random buffer, a random IV (Initializati...

by deltarho[1859]
Oct 09, 2019 16:31
Forum: General
Topic: ASLR
Replies: 63
Views: 1113

Re: ASLR

You do overwrite the memory location after use, I assume. CryptProtectMemory using CRYPTPROTECTMEMORY_SAME_PROCESS, and we don't have to worry about it being paged out. Of course, we don't decrypt. Maybe you could also vary the location in memory yourself a bit. E.g. at a random position within a 1...

by deltarho[1859]
Oct 08, 2019 23:32
Forum: General
Topic: ASLR
Replies: 63
Views: 1113

Re: ASLR

@caseih

Thanks for that.

In a nutshell you are saying if you are a cryptographer/cryptanalyst then you probably don't need DEP/ASLR but since I am neither then I probably do.

It is time to move on, we have drifted well off topic now.

by deltarho[1859]
Oct 08, 2019 23:07
Forum: General
Topic: ASLR
Replies: 63
Views: 1113

Re: ASLR

@macko17

You are painting over the cracks. It is better to use filler, glasspaper and then paint.

Anyway, this thread is about ASLR, or not as it turned out and focusing on Encrypternet or positive aspects of gcc isn't going to change that.

by deltarho[1859]
Oct 08, 2019 22:32
Forum: General
Topic: ASLR
Replies: 63
Views: 1113

Re: ASLR

@badidea At some point during the package encryption phase a plaintext 'password' is generated, 0.72ms later it ceases to exist in plaintext form, it is encrypted using the receiver's public RSA key. At some point during the package decryption phase the ciphertext 'password' is decrypted using the r...

by deltarho[1859]
Oct 08, 2019 20:40
Forum: General
Topic: ASLR
Replies: 63
Views: 1113

Re: ASLR

"Encrypternet is a small utility for encrypting files in such a way that they may be safely sent over the Internet or downloaded from a website." "The target audience for Encrypternet is for those requiring confidentiality up to Secret" I liken Encrypternet to an aircraft. It is ...

by deltarho[1859]
Oct 08, 2019 20:05
Forum: General
Topic: ASLR
Replies: 63
Views: 1113

Re: ASLR

I take the view that the horse has already bolted. mingw-w64 should have a switch similar to '-nostrip' similar to particle meets antiparticle. It beggars belief that has not occurred to someone, considering the overwhelming support for ASLR. Added: Sorry MrSwiss I stopped to make a cup of tea and d...

by deltarho[1859]
Oct 08, 2019 19:33
Forum: General
Topic: ASLR
Replies: 63
Views: 1113

Re: ASLR

Windows executables produced by mingw-w64 have the relocations table stripped from them by default.

We couldn't get 8.3 to work. We couldn't get 10.0 to work. I will not put any money on the table for 9.2.

Libs will not be ASLR. Executables will not be ASLR.

In a word we are stuffed.

by deltarho[1859]
Oct 08, 2019 19:13
Forum: General
Topic: ASLR
Replies: 63
Views: 1113

Re: ASLR

OK, same as above No errors, no warnings and no ASLR but with DEP Enabled(permanent) and ASLR with Bottom-Up, Force-Relocate.

We are now just shuffling cards in the hope that the Ace of Spades rises to the top.

by deltarho[1859]
Oct 08, 2019 19:01
Forum: General
Topic: ASLR
Replies: 63
Views: 1113

Re: ASLR

OK and got a message from Windows with no title. The message was: "This app can't run on your PC."

I muttered "Whose PC do you recommend then?"

by deltarho[1859]
Oct 08, 2019 18:42
Forum: General
Topic: ASLR
Replies: 63
Views: 1113

Re: ASLR

I tried -gen gcc -Wc -O2 -Wl -fPIE,-shared,-PIE,-dynamicbase,-highentropyva and got unrecognized option '-PIE' and an invitation to use --help. I tried -gen gcc -Wc -O2 -Wl -fPIE,-shared,-pie,-dynamicbase,-highentropyva and got '-f may not be used without -shared' I added -fPIE -pie to the CFLAGS so...

by deltarho[1859]
Oct 08, 2019 18:21
Forum: General
Topic: ASLR
Replies: 63
Views: 1113

Re: ASLR

@srvaldez From one of José's quotes we have: "Windows executables produced by mingw-w64 have the relocations table stripped from them by default." So, what are you hoping for with your 10.0 build? Anyway, I tried this: -gen gcc -Wc -O2 -Wl -fpie,-shared,-pie,-dynamicbase,-highentropyva It is t...

by deltarho[1859]
Oct 08, 2019 17:01
Forum: General
Topic: ASLR
Replies: 63
Views: 1113

Re: ASLR

I am not departing FreeBASIC, I might come across a PRNG to give PCG32II and MsWs a run for their money. FreeBASIC is much better for developing PRNGs than PowerBASIC. Cryptographic work, as I have mentioned, is a different story. I will, of course, try any builds that you make, srvaldez - lets fac...

by deltarho[1859]
Oct 08, 2019 16:44
Forum: General
Topic: ASLR
Replies: 63
Views: 1113

Re: ASLR

using the compiler and linker options that caused your app to crash The one which saw Encrypternet close down straight away was "-gen gcc -Wc -O2,-fpie -Wl -pie,-dynamicbase,-highentropyva" and that behaviour has not changed. Your [edit] mentioned -gen gcc -Wc -fPIE,-pie -Wl -dynamicbase bu...

by deltarho[1859]
Oct 08, 2019 15:03
Forum: General
Topic: ASLR
Replies: 63
Views: 1113

Re: ASLR

Thanks José. Since Microsoft introduced ASLR 12 years ago what we have here, in my opinion, is absolutely scandalous. Of course, it isn't gcc's fault - gcc is a project using mingw-w64. It looks like writing PI libs is not possible. Oh dear, I may have to rewrite Encrypternet using PowerBASIC. @José...
