ASLR and DEP in win7 WDK

Haibo · November 6, 2015, 4:46am

hi guys,
How can i compile drivers with ASLR and DEP enabled in win7 wdk? It seems compiler does not accept /dynamicbase and /nxcompat flags.

Regards
herb

OSR_Community_User · November 6, 2015, 5:30am

The compiler doesn’t accept those flags; have you tried the linker?

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:bounce-595017-
xxxxx@lists.osr.com] On Behalf Of xxxxx@hotmail.com
Sent: 06 November 2015 09:45
To: Windows System Software Devs Interest List
Subject: [ntdev] ASLR and DEP in win7 WDK

hi guys,
How can i compile drivers with ASLR and DEP enabled in win7 wdk? It
seems compiler does not accept /dynamicbase and /nxcompat flags.

Regards
herb

NTDEV is sponsored by OSR

Visit the list at: http://www.osronline.com/showlists.cfm?list=ntdev

OSR is HIRING!! See http://www.osr.com/careers

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
This email message has been delivered safely and archived online by Mimecast.

For more information please visit http://www.mimecast.com

Aleh_Kazakevich · November 6, 2015, 6:18am

DEP/ASLR in a kernel driver
http://www.osronline.com/showthread.cfm?link=235951

Tim_Roberts · November 6, 2015, 1:52pm

xxxxx@hotmail.com wrote:

How can i compile drivers with ASLR and DEP enabled in win7 wdk? It seems compiler does not accept /dynamicbase and /nxcompat flags.

Windows kernel drivers have essentially always had ASLR and NX, enforced
by the kernel. It ignores these new PE header bits.

–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Haibo · November 11, 2015, 9:15pm

Thank you very much, guys

Alex_Ionescu-2 · November 17, 2015, 10:57pm

Windows kernel drivers have not “always had ASLR and NX”. It was added in the same time as user-mode (Windows Vista for ASLR, and XP SP for NX), the difference being that ASLR was never opt-in for drivers.

As for NX, drivers have really only had it for stack and paged pool addresses.

For non paged pool, you must NX in Windows 8 and later, and only if you use POOL_NX_OPTIN and recompile, or if you modify all usage of “NonPagedPool” to “NonPagedPoolNx”.

Then you need to update your code to use MmMapIoSpaceEx so you can ask for NX MMIO, and if you use MmAllocateContiguousMemory (or friends) you need to use MmAllocateContiguousNodeMemory instead, and again ask for NX Contiguous memory.

As for NDIS drivers, you’re outta luck if you’ve been using NdisAllocateContiguousMemory because only Windows 10 Threshold 2 (November Update) fixes it to use the newer NX-compatible API.

So yeah, the state of security mitigations in the kernel is pretty sad, unless you recompile your driver to make use of these barely-documented new APIs and are running on Windows 8.1 or later. Of course, as soon as more enterprise customers start turning on Device Guard, these types of issues are going to come front and center.

–
Best regards,
Alex Ionescu