[OWASP-Delhi] Thread closed: How to implement ASLR & DEP in C# thick client applications?

sanjay kumar sanjay1519841 at gmail.com
Tue Jul 7 10:03:57 UTC 2015


Thanks praveen

On Tuesday, July 7, 2015, Praveen Darshanam <praveen_recker at yahoo.com>
wrote:

> Hi Sanjay,
>
> Code Caves and DEP/ASLR are two different things.
> DEP/ASLR are used to protect (shell)code execution from non executable
> locations,say, stack, heap etc.
> Code Caves present in a binary can be exploited irrespective of
> programming language used in creating the binary.
>
> Best Regards,
> Praveen Darshanam
>
>
>
>   On Tuesday, July 7, 2015 11:34 AM, sanjay kumar <sanjay1519841 at gmail.com
> <javascript:_e(%7B%7D,'cvml','sanjay1519841 at gmail.com');>> wrote:
>
>
> Thanks Vinil,
>
> I got my answer & want to close this thread as C# applications cannot be
> tampered by code cave injection technique as mentioned in below refrence
> link:
>
> http://home.inf.fh-rhein-sieg.de/~ikarim2s/how2injectcode/code_inject.html
>
>
>
> *C# Winform application running on CLR has DEP and ASLR enabled by
> default.*
>
> Thanks everyone!
>
>
>
>
>
>
>
>
>
> C#On Tuesday, July 7, 2015, Vinil Menon <vinilm at yahoo.com
> <javascript:_e(%7B%7D,'cvml','vinilm at yahoo.com');>> wrote:
>
> .NET since 2.0 has DEP on (via NXCOMPAT). And since the code is JIT, you
> don't need to worry about ASLR either.
>
>
> So in short - a C# Winform application running on CLR has DEP and ASLR
> enabled by default.
>
>
>
> *From:* sanjay kumar <sanjay1519841 at gmail.com>
> *To:* Dhruv Soi <dhruv.soi at owasp.org>
> *Cc:* owasp-delhi <owasp-delhi at lists.owasp.org>
> *Sent:* Monday, July 6, 2015 12:05 PM
> *Subject:* Re: [OWASP-Delhi] How to implement ASLR & DEP in C# thick
> client applications?
>
> Thanks Dhruv,
>
> But the question is for c#, I dint find such specific result for tht.
>
>
>
> On Sunday, July 5, 2015, Dhruv Soi <dhruv.soi at owasp.org> wrote:
>
> http://www.lmgtfy.com/?q=threats+of+no+aslr+in+applications
>
> http://www.lmgtfy.com/?q=aslr+c%23
>
> On Fri, Jul 3, 2015 at 12:16 PM, sanjay kumar <sanjay1519841 at gmail.com>
> wrote:
> > Hi,
> >
> > Does anyone knows how to implement ASLR (Address Space Layout
> > Randomization), DEP (Data Execution Prevention) in thick client
> application
> > based on C#?
> >
> > If it cannot be implement then what is the risk in applications which
> > developed in C#?
> >
> > Regards,
> >
> > Sanjay Kumar
> >
> >
> >
> > _______________________________________________
> > OWASP-Delhi mailing list
> > OWASP-Delhi at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-delhi
> > LinkedIn Group: https://www.linkedin.com/groups?gid=89270
> > Twitter: https://twitter.com/OWASPdelhi
>
>
> _______________________________________________
> OWASP-Delhi mailing list
> OWASP-Delhi at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-delhi
> LinkedIn Group: https://www.linkedin.com/groups?gid=89270
> Twitter: https://twitter.com/OWASPdelhi
>
>
>
> _______________________________________________
> OWASP-Delhi mailing list
> OWASP-Delhi at lists.owasp.org
> <javascript:_e(%7B%7D,'cvml','OWASP-Delhi at lists.owasp.org');>
> https://lists.owasp.org/mailman/listinfo/owasp-delhi
> LinkedIn Group: https://www.linkedin.com/groups?gid=89270
> Twitter: https://twitter.com/OWASPdelhi
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-delhi/attachments/20150707/713b01b4/attachment-0001.html>


More information about the OWASP-Delhi mailing list