_set_security_error_handler no longer declared

  • Question

  • No longer in the CRT header files?  There is still a reference to it in a comment in stdlib.h.  Has it been removed?  What's its replacement?

    Steve Hills
    NCR Corporation
    Saturday, July 16, 2005 3:28 AM

Answers

  • Hi Steve,

    _set_security_error_handler has been removed because of known ways of getting around /GS protection using a user-defined /GS handler. It is unsafe to run any code after stack corruption is detected. In VS2005 the amount of code that runs after /GS detects a buffer overrun is reduced to just two operations - saving the current context to a minidump and invoking the Windows Error Reporting tool (Dr. Watson). In this way a minimal amount of code is executed after the stack is corrupted, leaving less code for a hacker to overwrite.

    Thanks,
    Nikola
    VC++

    Monday, July 18, 2005 5:19 PM

All replies

  • In VS.NET 2005 Beta2.
    Saturday, July 16, 2005 3:33 AM
  • Ok, nice...

    But now, how will I find out where my program gets corrupted?

    I can't see the stack trace when Dr. Watson shows up.

    thanks 

    Monday, August 6, 2007 9:49 PM
  • I have legacy code using _set_security_error_handler. How do I update it so the legacy code can be used in a Visual 2005 project?

    Thanks

    Wei

    Wednesday, March 19, 2008 8:21 PM