Protecting Your Code with Visual C++ Defenses

Comments

# MSDN Blog Postings » Protecting Your Code with Visual C++ Defenses said on March 17, 2008 9:26 PM:

PingBack from http://msdnrss.thecoderblogs.com/2008/03/17/protecting-your-code-with-visual-c-defenses/

# Alex said on March 19, 2008 1:52 PM:

Michael, thanks for the article.

I have one question though. Your article says that all C++ compiler defences terminate the program if they fail. However from assembly code for operator new it looks like this one won't actually kill the process but rather throw bad_alloc. Is that the case?

# michael_HOWARD said on March 19, 2008 2:34 PM:

Alex, you are totally correct. But in our experience, few people actual wrap ::new with an exception handler. So the app will quit!

# Drew said on March 20, 2008 3:01 PM:

The article says:

"#define _CRT_SECURE_COPP_OVERLOAD_STANDARD_NAMES 1"

Is this a typo? I think it's supposed to be _CRT_SECURE_CPP_OVERLOAD_STANDARD_NAMES

The same typo exists in http://blogs.msdn.com/michael_howard/archive/2005/02/03/366625.aspx

# michael_HOWARD said on March 24, 2008 9:03 AM:

Drew, I'll get it fixed - thanks

# Stefan Kuhr said on April 5, 2008 7:20 PM:

Michael,

I didn't know that ASLR is available for people outside MS as well. So how do I go about a Dr.Watson Log and my map files if I use /DynamicBase. Isn't then a map file just useless because my DLLs' preferred load addresses are ignored because I use ASLR? What happens if I have two processes that load the same DLLs, everything built with /DynamicBase. Will these two processes actually share the pages containing code in the DLLs or will they have different copies of these pages? Or did I miss something entirely?