Enable Safe Exception Handling in C++ Builder

Asked 25/6, 2012 at 20:0 Answered 2/12, 2015 at 21:59

Solved delphi windows-8 c++builder seh aslr

For Windows 8 application certification, there are (among other) these requirements:

3.2 Your app must be compiled using the /SafeSEH flag to ensure safe exceptions handling
3.3 Your app must be compiled using the /NXCOMPAT flag to prevent data execution
3.4 Your app must be compiled using the /DYNAMICBASE flag for address space layout randomization (ASLR)

I wasn't able to find out how to enable either of these in C++Builder XE.

For /NXCOMPAT and /DYNAMICBASE, one can use editbin.exe from VS or peflags.exe from Cygwin. Though I would feel more confident about possible side-effects, if there was native way to enable these.

Anyway, I'm totally at loss regarding /SafeSEH.

Errolerroll answered 25/6, 2012 at 20:0 Comment(1)

Certainly Delphi XE2 does not produce executables with Safe Exception Handler Tables. I don't have CPPBuilder to check that but I'd bet not. I think you will be out of luck and should submit a QC request. It may actually be that the structured exception handlers are safe but that's not much use for you if the PE files are not marked up to say so. Your 64 bit apps will be fine, but that's also not possible yet in CPPBuilder. – Figuration 25/6, 2012 at 21:12

First, /SafeSEH only applies to x86, not x64 or ARM. It requires that your compiler generate additional tables indicating the function addresses that are considered valid exception handlers for security reasons. There's a slim chance you could do this yourself, but it would require that you look at the fs:0 exception handling chain in your compiled assembly code and enumerate all addresses that are ever pushed on that chain, then describe them as documented here: http://msdn.microsoft.com/en-us/library/9a89h429(v=VS.80).aspx. There's a (slim) chance that your code doesn't actually have any handlers, and they're all in the C++Builder's runtime (might make it easy if the runtime is a separate DLL).

You should try to convince C++Builder to update their compiler to support SafeSEH. It's been around in the Windows platform since XP SP2, and plugs a pretty nasty security hole (exception handler addresses exist on the stack in x86, just waiting for a buffer overflow to put any random address there to be executed)

Picayune answered 24/8, 2012 at 23:45 Comment(0)

For the issue related to /NXCOMPAT and /DYNAMICBASE, I have created a request for the C++ Builder linker to support these flags here: https://quality.embarcadero.com/browse/RSP-13072

Using editbin.exe from Visual C++ is hardly an ideal solution, and their linker needs to support these flags natively.

UPDATE: An additional request has been created here for the C++ Builder / Delphi runtime files (DLLs/BPLs) to be distributed with these flags already set, so as to avoid having to use EDITBIN from Visual C++ to set them yourself: https://quality.embarcadero.com/browse/RSP-13231

Ouachita answered 2/12, 2015 at 21:59 Comment(0)

Recommended topics

Hot tags