- Compile flags:
  - /GS: Stack protection from buffer overrun.
  - /SDL: Subset of W3 and W4 security warnings as errors.
  - /W4: Use warning level 4.
  - /WX: Treat warnings as errors.
- Linker flags:
  - /DYNAMICBASE: Randomize the module base address so that our code is at a different location each time it is loaded.
  - /NXCOMPAT: Data Execution Prevention, so that data is difficult to execute.
  - /SAFESEH: Secure Exception Handling. Project->Properties->Linker->Advanced->Image Has Safe Exception Handlers.
- Use VS Code Analysis to find vulnerabilities.
- Include Banned.h in projects to find the unsafe methods that are listed in Banned.h.
- Use the BannedAPI extension to flag banned API use in the editor (only available for VS2010).
- Enable /SEHOP in the registry:
  - Click Start, click Run, type regedit, and then press ENTER.
  - Locate the following registry subkey:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\DisableExceptionChainValidation
    Note: If you cannot find the DisableExceptionChainValidation registry entry under the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\ subkey, follow these steps to create it:
    - Right-click kernel, point to New, and then click DWORD Value.
    - Type DisableExceptionChainValidation, and then press ENTER.
  - Double-click DisableExceptionChainValidation.
  - Change the value of the DisableExceptionChainValidation registry entry to 0 to enable it, and then click OK.
    Note: A value of 1 disables the registry entry. A value of 0 enables it.
Add more security in Visual Studio 2012
Time: 2024-10-29 19:06:31