[PATCH] add support for high entropy ASLR on Windows

Pedro Alves palves@redhat.com
Tue Aug 19 21:53:00 GMT 2014


Hi Daniel,

Thanks for that patch, but although binutils/ld and gdb share the same
git repo, binutils has its own mailing list.  You need to resend this to
the binutils at sourceware list.

-- 
Pedro Alves

On 08/19/2014 09:10 PM, Daniel Micay wrote:
> Enabling the HIGH_ENTROPY_VA flag allows the operating system to use
> addresses outside of the 32-bit range before memory exhaustion. This
> results in a higher entropy implementation of ASLR when used with the
> DYNAMIC_BASE flag.
> 
> 2014-08-19  Daniel Micay  <danielmicay@gmail.com>
> 
> 	* include/coff/pe.h: Add HIGH_ENTROPY_VA flag
> 	* ld/emultempl/pep.em: Add --high-entropy-va switch
> 	* ld/ld.texinfo: Document the --high-entropy-va switch
> ---
>  include/coff/pe.h   | 1 +
>  ld/emultempl/pep.em | 7 +++++++
>  ld/ld.texinfo       | 4 ++++
>  3 files changed, 12 insertions(+)
> 
> diff --git a/include/coff/pe.h b/include/coff/pe.h
> index 0ed9dde..5ffa7c0 100644
> --- a/include/coff/pe.h
> +++ b/include/coff/pe.h
> @@ -40,6 +40,7 @@
>  
>  /* DllCharacteristics flag bits.  The inconsistent naming may seem
>     odd, but that is how they are defined in the PE specification.  */
> +#define IMAGE_DLL_CHARACTERISTICS_HIGH_ENTROPY_VA       0x0020
>  #define IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE          0x0040
>  #define IMAGE_DLL_CHARACTERISTICS_FORCE_INTEGRITY       0x0080
>  #define IMAGE_DLL_CHARACTERISTICS_NX_COMPAT             0x0100
> diff --git a/ld/emultempl/pep.em b/ld/emultempl/pep.em
> index 916a786..6d56bc3 100644
> --- a/ld/emultempl/pep.em
> +++ b/ld/emultempl/pep.em
> @@ -237,6 +237,7 @@ enum options
>    OPTION_LEADING_UNDERSCORE,
>    OPTION_ENABLE_LONG_SECTION_NAMES,
>    OPTION_DISABLE_LONG_SECTION_NAMES,
> +  OPTION_HIGH_ENTROPY_VA,
>    OPTION_DYNAMIC_BASE,
>    OPTION_FORCE_INTEGRITY,
>    OPTION_NX_COMPAT,
> @@ -314,6 +315,7 @@ gld${EMULATION_NAME}_add_options
>  #endif
>      {"enable-long-section-names", no_argument, NULL, OPTION_ENABLE_LONG_SECTION_NAMES},
>      {"disable-long-section-names", no_argument, NULL, OPTION_DISABLE_LONG_SECTION_NAMES},
> +    {"high-entropy-va", no_argument, NULL, OPTION_HIGH_ENTROPY_VA},
>      {"dynamicbase",no_argument, NULL, OPTION_DYNAMIC_BASE},
>      {"forceinteg", no_argument, NULL, OPTION_FORCE_INTEGRITY},
>      {"nxcompat", no_argument, NULL, OPTION_NX_COMPAT},
> @@ -450,6 +452,8 @@ gld_${EMULATION_NAME}_list_options (FILE *file)
>                                         executable image files\n"));
>    fprintf (file, _("  --disable-long-section-names       Never use long COFF section names, even\n\
>                                         in object files\n"));
> +  fprintf (file, _("  --high-entropy-va                  Image is compatible with 64-bit address space\n\
> +                                       layout randomization (ASLR)\n"));
>    fprintf (file, _("  --dynamicbase			 Image base address may be relocated using\n\
>  				       address space layout randomization (ASLR)\n"));
>    fprintf (file, _("  --forceinteg		 Code integrity checks are enforced\n"));
> @@ -804,6 +808,9 @@ gld${EMULATION_NAME}_handle_option (int optc)
>        pep_use_coff_long_section_names = 0;
>        break;
>      /*  Get DLLCharacteristics bits  */
> +    case OPTION_HIGH_ENTROPY_VA:
> +      pe_dll_characteristics |= IMAGE_DLL_CHARACTERISTICS_HIGH_ENTROPY_VA;
> +      break;
>      case OPTION_DYNAMIC_BASE:
>        pe_dll_characteristics |= IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE;
>        break;
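Review bot: The new `case OPTION_HIGH_ENTROPY_VA:` sets only the HIGH_ENTROPY_VA bit, yet the commit description says the higher-entropy ASLR applies when it is used with the DYNAMIC_BASE flag. An image linked with `--high-entropy-va` but without `--dynamicbase` would then carry a hardening flag that presumably has no effect, and nothing tells the user. One option is to set both bits here, `pe_dll_characteristics |= IMAGE_DLL_CHARACTERISTICS_HIGH_ENTROPY_VA | IMAGE_DLL_CHARACTERISTICS_DYNAMIC_BASE;`. If the bits are meant to stay independent, state the dependency in the `--high-entropy-va` help string in gld_${EMULATION_NAME}_list_options and in the ld.texinfo entry, for example "only effective together with --dynamicbase". The switch statement starts and ends outside this hunk.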
> diff --git a/ld/ld.texinfo b/ld/ld.texinfo
> index 718a7d0..350a48b 100644
> --- a/ld/ld.texinfo
> +++ b/ld/ld.texinfo
> @@ -2655,6 +2655,10 @@ The following options set flags in the @code{DllCharacteristics} field
>  of the PE file header:
>  [These options are specific to PE targeted ports of the linker]
>  
> +@kindex --high-entropy-va
> +@item --high-entropy-va
> +Image is compatible with 64-bit address space layout randomization (ASLR).
> +
>  @kindex --dynamicbase
>  @item --dynamicbase
>  The image base address may be relocated using address space layout
> 



