views: 372
answers: 2

Windows 7 has heap randomization and stack randomization features. How could I manage them? How do they affect the performance of my application? Where could I find more information on how they work?

I'm using Visual Studio 2008 for developing C++ programs. I can't find any compiler options for these features.

A: 

Surely it's just an OS feature? It shouldn't bother you in the slightest. The OS will move your application around, and as long as you don't assume your application is loaded at a specific memory address (which you really should never assume anyway) you won't get any problems.

Goz
My question was not about address randomization, but about heap randomization. I'm able to create a new heap at any time during the program's life. Randomization could be a heavy procedure. I want to be sure that it will not take place without my approval.
Kirill V. Lyadvinsky
AFAIK heap randomization just means that if you do a malloc, the block of memory it returns on one run will not be the same as the block of memory it returns on the next... It's only happening in the process's virtual address space anyway... isn't it?
Goz
I don't know. That's why I'm asking :) These features were mentioned in 'Windows 7 Client Software Logo' document. I can't find any additional info on that.
Kirill V. Lyadvinsky
Well, that's all they can do. They can't break older applications. It's all set up to make it harder for a hacker to do a code injection, because the hacker no longer knows what will be where in memory.
Goz
+2  A: 

OK, heap randomization and stack randomization are Windows features, but they have to be explicitly enabled for each process at link time. Mark Russinovich described how it works in his 5th Windows Internals book.

Stack randomization consists of first selecting one of 32 possible stack locations separated by either 64 KB or 256 KB. This base address is selected by finding the first appropriate free memory region and then choosing the xth available region, where x is once again generated based on the current processor's TSC shifted and masked into a 5-bit value.<...>

Finally, ASLR randomizes the location of the initial process heap (and subsequent heaps) when created in user mode. The RtlCreateHeap function uses another pseudo-random, TSC-derived value to determine the base address of the heap. This value, 5 bits this time, is multiplied by 64 KB to generate the final base address, starting at 0, giving a possible range of 0x00000000 to 0x001F0000 for the initial heap. Additionally, the range before the heap base address is manually deallocated in an attempt to force an access violation if an attack is doing a brute-force sweep of the entire possible heap address range.

Kirill V. Lyadvinsky
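The answer above says the randomization is an opt-in made at link time. The bit the linker sets is IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (0x0040) in the PE optional header's DllCharacteristics field, which Visual Studio 2008 exposes as Linker > Advanced > Randomized Base Address (/DYNAMICBASE). The following is an added example, not code from this thread or from Windows Internals: a small PE header reader that reports whether an image has opted in, and also flags the case where the bit is set but the image was linked /FIXED (IMAGE_FILE_RELOCS_STRIPPED), since an image without relocations cannot actually be moved. Field offsets come from the PE/COFF specification; the sample header built by build_sample_pe is constructed for offline testing and is not a real executable.

```c
/* pe_aslr_check.c: report whether a PE image opts in to ASLR (/DYNAMICBASE).
 * Added example for this thread, not code from the answers above.
 * Usage: pe_aslr_check image.exe   (exit 0 = ASLR enabled, 1 = not, 2 = usage/io error) */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Flag values from the PE/COFF specification. */
#define IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE 0x0040  /* set by /DYNAMICBASE */
#define IMAGE_FILE_RELOCS_STRIPPED            0x0001  /* set by /FIXED: no .reloc data */

enum pe_aslr_status {
    PE_ASLR_ENABLED,    /* DYNAMIC_BASE set and relocations present */
    PE_ASLR_DISABLED,   /* linked without /DYNAMICBASE */
    PE_ASLR_NO_RELOCS,  /* flag set, but relocations stripped: the loader cannot move it */
    PE_ASLR_BAD_IMAGE   /* not a parseable PE header */
};

static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

enum pe_aslr_status pe_check_aslr(const uint8_t *img, size_t len) {
    /* DOS header: "MZ" magic; e_lfanew at 0x3C gives the offset of the "PE\0\0" signature. */
    if (len < 0x40 || img[0] != 'M' || img[1] != 'Z') return PE_ASLR_BAD_IMAGE;
    uint32_t pe_off = rd32(img + 0x3C);
    /* Need signature (4) + COFF header (20) + optional header through DllCharacteristics (72). */
    if (pe_off > len || len - pe_off < 4 + 20 + 72) return PE_ASLR_BAD_IMAGE;
    if (memcmp(img + pe_off, "PE\0\0", 4) != 0) return PE_ASLR_BAD_IMAGE;

    const uint8_t *coff = img + pe_off + 4;
    uint16_t opt_size   = rd16(coff + 16);   /* SizeOfOptionalHeader */
    uint16_t coff_chars = rd16(coff + 18);   /* Characteristics */
    const uint8_t *opt  = coff + 20;
    uint16_t magic = rd16(opt);              /* 0x10B = PE32, 0x20B = PE32+ */
    if ((magic != 0x10B && magic != 0x20B) || opt_size < 72) return PE_ASLR_BAD_IMAGE;
    /* DllCharacteristics sits at offset 70 in both PE32 and PE32+ optional headers. */
    uint16_t dll_chars = rd16(opt + 70);

    if (!(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)) return PE_ASLR_DISABLED;
    if (coff_chars & IMAGE_FILE_RELOCS_STRIPPED) return PE_ASLR_NO_RELOCS;
    return PE_ASLR_ENABLED;
}

const char *pe_aslr_status_name(enum pe_aslr_status s) {
    switch (s) {
    case PE_ASLR_ENABLED:   return "ASLR enabled (/DYNAMICBASE, relocations present)";
    case PE_ASLR_DISABLED:  return "ASLR not enabled (no /DYNAMICBASE)";
    case PE_ASLR_NO_RELOCS: return "/DYNAMICBASE set but relocations stripped (/FIXED); not relocatable";
    default:                return "not a valid PE image";
    }
}

/* Constructed minimal PE32 header (headers only, not a runnable executable) for offline tests. */
size_t build_sample_pe(uint8_t *buf, size_t cap, uint16_t coff_chars, uint16_t dll_chars) {
    const uint32_t pe_off = 0x80;
    size_t need = pe_off + 4 + 20 + 96;      /* PE32 optional header is 96 bytes before data dirs */
    if (cap < need) return 0;
    memset(buf, 0, need);
    buf[0] = 'M'; buf[1] = 'Z';
    buf[0x3C] = (uint8_t)pe_off;             /* e_lfanew, little-endian; upper bytes stay 0 */
    memcpy(buf + pe_off, "PE\0\0", 4);
    uint8_t *coff = buf + pe_off + 4;
    coff[0] = 0x4C; coff[1] = 0x01;          /* IMAGE_FILE_MACHINE_I386 */
    coff[16] = 96;                           /* SizeOfOptionalHeader */
    coff[18] = (uint8_t)(coff_chars & 0xFF); coff[19] = (uint8_t)(coff_chars >> 8);
    uint8_t *opt = coff + 20;
    opt[0] = 0x0B; opt[1] = 0x01;            /* PE32 magic */
    opt[70] = (uint8_t)(dll_chars & 0xFF);  opt[71] = (uint8_t)(dll_chars >> 8);
    return need;
}

/* Build a constructed header with the given flag words and classify it. */
int classify_sample(uint16_t coff_chars, uint16_t dll_chars) {
    uint8_t buf[256];
    size_t n = build_sample_pe(buf, sizeof buf, coff_chars, dll_chars);
    return n ? (int)pe_check_aslr(buf, n) : -1;
}

int main(int argc, char **argv) {
    if (argc != 2) { fprintf(stderr, "usage: %s image.exe\n", argv[0]); return 2; }
    FILE *f = fopen(argv[1], "rb");
    if (!f) { perror(argv[1]); return 2; }
    uint8_t hdr[4096];                       /* headers only; enough for any normal e_lfanew */
    size_t n = fread(hdr, 1, sizeof hdr, f);
    fclose(f);
    enum pe_aslr_status s = pe_check_aslr(hdr, n);
    printf("%s: %s\n", argv[1], pe_aslr_status_name(s));
    return s == PE_ASLR_ENABLED ? 0 : 1;
}
```

Run it against your own build output to confirm the linker setting took effect; a DLL or EXE reporting "not enabled" will be loaded at its preferred ImageBase and its initial stack and heaps will not be randomized, whatever the OS supports. Note that this only checks the image's opt-in; it says nothing about the performance question, and the randomization itself is a one-time base-address choice at process or heap creation, not something that moves memory during the program's run.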