Old 5th September 2022, 11:38   #1
hccbharath
Junior Member
 
Join Date: Sep 2022
Posts: 1
Enable ASLR and DEP in NSIS Script

Hi All,

I am using the NSIS script to generate a '.exe' file. The generated '.exe' file fails the security review as the '.exe' doesn't have the ASLR and DEP values enabled when using the following
command "Get-PESecurity'

Could someone help me to understand how to get those enabled which generate the executables?

Any help would be appreciated
hccbharath is offline   Reply With Quote
Old 5th September 2022, 15:11   #2
Anders
Moderator
 
Anders's Avatar
 
Join Date: Jun 2002
Location: ${NSISDIR}
Posts: 5,548
I don't know what "Get-PESecurity" is but we are already setting those flags.

PHP Code:
#For testing, uncomment this: PEDllCharacteristics 0x0040 0x100 ; Force ASLR on and DEP off
Section
System
::Call 'KERNEL32::GetModuleHandle(p0)p.r1'
ReadMemory $$1 0x3C000004
IntPtrOp 
$$+ $PE
IntPtrOp 
$$24 IOH
IntPtrOp 
$$70 DllCharacteristics
ReadMemory 
$$2 4
!macro testflag n f
    
!include LogicLib.nsh
    StrCpy 
$4 No
    
${IfThen} $& ${f} ${|} StrCpy $4 Yes ${|}
    
DetailPrint "${n}: $4"
!macroend
!insertmacro testflag IMAGE_DLLCHARACTERISTICS_NX_COMPAT 0x0100 DEP
!insertmacro testflag IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE 0x0040 ASLR
!if "${NSIS_PTR_SIZE}4
!insertmacro testflag IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA 0x0020 64-bit "extended" ASLR
!endif

DetailPrint ""
!define PROCESS_DEP_ENABLE 0x00000001
System
::Call 'KERNEL32::GetCurrentProcess()p.r0'
System::Call 'KERNEL32::GetProcessDEPPolicy(pr0, *i0r3, *i0r2)i.r0'
DetailPrint "GetProcessDEPPolicy: Success=$0 Permanent=$2 Flags=$3"
!insertmacro testflag PROCESS_DEP_ENABLE ${PROCESS_DEP_ENABLE}
SectionEnd 

IntOp $PostCount $PostCount + 1
Anders is offline   Reply With Quote
Reply
Go Back   Winamp & Shoutcast Forums > Developer Center > NSIS Discussion

Tags
aslr, dep

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump