[OWASP-Delhi] Thread closed: How to implement ASLR & DEP in C# thick client applications?

Praveen Darshanam praveen_recker at yahoo.com
Tue Jul 7 07:24:24 UTC 2015


Hi Sanjay,
Code Caves and DEP/ASLR are two different things.DEP/ASLR are used to protect (shell)code execution from non executable locations,say, stack, heap etc.Code Caves present in a binary can be exploited irrespective of programming language used in creating the binary.
Best Regards,  
Praveen Darshanam 


     On Tuesday, July 7, 2015 11:34 AM, sanjay kumar <sanjay1519841 at gmail.com> wrote:
   

 Thanks Vinil,
I got my answer & want to close this thread as C# applications cannot be tampered by code cave injection technique as mentioned in below refrence link:
http://home.inf.fh-rhein-sieg.de/~ikarim2s/how2injectcode/code_inject.html 


C# Winform application running on CLR has DEP and ASLR enabled by default.

Thanks everyone!









C#On Tuesday, July 7, 2015, Vinil Menon <vinilm at yahoo.com> wrote:
.NET since 2.0 has DEP on (via NXCOMPAT). And since the code is JIT, you don't need to worry about ASLR either. 

So in short - a C# Winform application running on CLR has DEP and ASLR enabled by default. 

 
From: sanjay kumar <sanjay1519841 at gmail.com>
 To: Dhruv Soi <dhruv.soi at owasp.org> 
Cc: owasp-delhi <owasp-delhi at lists.owasp.org> 
 Sent: Monday, July 6, 2015 12:05 PM
 Subject: Re: [OWASP-Delhi] How to implement ASLR & DEP in C# thick client applications?
   
Thanks Dhruv,
But the question is for c#, I dint find such specific result for tht. 



On Sunday, July 5, 2015, Dhruv Soi <dhruv.soi at owasp.org> wrote:

http://www.lmgtfy.com/?q=threats+of+no+aslr+in+applications

http://www.lmgtfy.com/?q=aslr+c%23

On Fri, Jul 3, 2015 at 12:16 PM, sanjay kumar <sanjay1519841 at gmail.com> wrote:
> Hi,
>
> Does anyone knows how to implement ASLR (Address Space Layout
> Randomization), DEP (Data Execution Prevention) in thick client application
> based on C#?
>
> If it cannot be implement then what is the risk in applications which
> developed in C#?
>
> Regards,
>
> Sanjay Kumar
>
>
>
> _______________________________________________
> OWASP-Delhi mailing list
> OWASP-Delhi at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-delhi
> LinkedIn Group: https://www.linkedin.com/groups?gid=89270
> Twitter: https://twitter.com/OWASPdelhi


_______________________________________________
OWASP-Delhi mailing list
OWASP-Delhi at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-delhi
LinkedIn Group: https://www.linkedin.com/groups?gid=89270
Twitter: https://twitter.com/OWASPdelhi

   

_______________________________________________
OWASP-Delhi mailing list
OWASP-Delhi at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-delhi
LinkedIn Group: https://www.linkedin.com/groups?gid=89270
Twitter: https://twitter.com/OWASPdelhi

  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-delhi/attachments/20150707/c4197053/attachment-0001.html>


More information about the OWASP-Delhi mailing list