ASLR --high-entropy-va on x64

[kmedcalf]

When you build can you enable ASLR High-Entropy-VA? I believe this needs an additional linker flag to be set (it does with GCC) and you also have to base the image above the 4 Gig line? These can be set after the fact by rebasing the images and setting the appropriate header flags, but unless the code is incompatible with high-entropy-va (which it does not appear to be) can this become the default?

[mhammond]

I'll happily look at a PR request for this, but I doubt I'm going to find the time to research it myself.

[kmedcalf]

All I had to change in the already compiled binaries (the .pyd) for x64 (AMD64) was to run EDITBIN /REBASE:BASE=0x200000000 against them, so I suspect that all the settings in the compiler are correct and the base address just needs to be changed. In GCC (MinGW-W64) I use -Wl,--nxcompat,--dynamicbase,--high-entropy-va,--image-base=0x200000000.

I presume for the Microsoft compilers the options to enable NX COMPATIBILITY, DYNAMICBASE, and HIGH ENTROPY are also the default.

---

The fact that there's a Highway to Hell but only a Stairway to Heaven says a lot about anticipated traffic volume.

-----Original Message----- From: Mark Hammond [mailto:notifications@github.com] Sent: Monday, 13 August, 2018 17:39 To: mhammond/pywin32 Cc: Keith Medcalf; Author Subject: Re: [mhammond/pywin32] ASLR --high-entropy-va on x64 (#1230)

I'll happily look at a PR request for this, but I doubt I'm going to find the time to research it myself.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/mhammond/pywin32/issues/1230#issuecomment- 412702084 , or mute the thread https://github.com/notifications/unsubscribe-auth/ALPwBUjR5Bp7AOO- oVFbZgWrmvsh_A5Cks5uQg4cgaJpZM4V5SHG . https://github.com/notifications/beacon/ALPwBQZ4H3BZUjdCuy3A1aXc0Ml0 M_3-ks5uQg4cgaJpZM4V5SHG.gif