[OWASP-Delhi] Thread closed: How to implement ASLR & DEP in C# thick client applications?

sanjay kumar sanjay1519841 at gmail.com
Tue Jul 7 05:36:08 UTC 2015


Thanks Vinil,

I got my answer & want to close this thread as C# applications cannot be
tampered by code cave injection technique as mentioned in below refrence
link:

http://home.inf.fh-rhein-sieg.de/~ikarim2s/how2injectcode/code_inject.html


*C# Winform application running on CLR has DEP and ASLR enabled by default.*

Thanks everyone!









C#On Tuesday, July 7, 2015, Vinil Menon <vinilm at yahoo.com> wrote:

> .NET since 2.0 has DEP on (via NXCOMPAT). And since the code is JIT, you
> don't need to worry about ASLR either.
>
>
> So in short - a C# Winform application running on CLR has DEP and ASLR
> enabled by default.
>
>

> *From:* sanjay kumar <sanjay1519841 at gmail.com
> <javascript:_e(%7B%7D,'cvml','sanjay1519841 at gmail.com');>>
> *To:* Dhruv Soi <dhruv.soi at owasp.org
> <javascript:_e(%7B%7D,'cvml','dhruv.soi at owasp.org');>>
> *Cc:* owasp-delhi <owasp-delhi at lists.owasp.org
> <javascript:_e(%7B%7D,'cvml','owasp-delhi at lists.owasp.org');>>
> *Sent:* Monday, July 6, 2015 12:05 PM
> *Subject:* Re: [OWASP-Delhi] How to implement ASLR & DEP in C# thick
> client applications?
>
> Thanks Dhruv,
>
> But the question is for c#, I dint find such specific result for tht.
>
>
>
> On Sunday, July 5, 2015, Dhruv Soi <dhruv.soi at owasp.org
> <javascript:_e(%7B%7D,'cvml','dhruv.soi at owasp.org');>> wrote:
>
> http://www.lmgtfy.com/?q=threats+of+no+aslr+in+applications
>
> http://www.lmgtfy.com/?q=aslr+c%23
>
> On Fri, Jul 3, 2015 at 12:16 PM, sanjay kumar <sanjay1519841 at gmail.com>
> wrote:
> > Hi,
> >
> > Does anyone knows how to implement ASLR (Address Space Layout
> > Randomization), DEP (Data Execution Prevention) in thick client
> application
> > based on C#?
> >
> > If it cannot be implement then what is the risk in applications which
> > developed in C#?
> >
> > Regards,
> >
> > Sanjay Kumar
> >
> >
> >
> > _______________________________________________
> > OWASP-Delhi mailing list
> > OWASP-Delhi at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-delhi
> > LinkedIn Group: https://www.linkedin.com/groups?gid=89270
> > Twitter: https://twitter.com/OWASPdelhi
>
>
> _______________________________________________
> OWASP-Delhi mailing list
> OWASP-Delhi at lists.owasp.org
> <javascript:_e(%7B%7D,'cvml','OWASP-Delhi at lists.owasp.org');>
> https://lists.owasp.org/mailman/listinfo/owasp-delhi
> LinkedIn Group: https://www.linkedin.com/groups?gid=89270
> Twitter: https://twitter.com/OWASPdelhi
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-delhi/attachments/20150707/4b1638ad/attachment.html>


More information about the OWASP-Delhi mailing list