_set_security_error_handler no longer declared

Question

No longer in the CRT header files?  There is still a reference to it in a comment in stdlib.h.  Has it been removed?  What's it's replacement?

Steve Hills
NCR Corporation

Answer 1

In VS.NET 2005 Beta2.

Answer 2

Hi Steve,

_set_security_error_handler has been removed due to known ways for going around /GS protection using user-defined /GS handler. It is unsafe to run any code after stack corruption is detected. In VS2005 number of code that run after /GS detected buffer overrun is reduced to just two operations - save current context to minidump and invoke Windows Error Reporting tool (Dr.Watson). In this way minimal amount of code is executed after stack is corrupted, leaving less code for a hacker to overwrite.

Thanks,
Nikola
VC++

Answer 3

Ok, nice...

But now, how i will find out where my program get corrupted ?

I can't see the stack trace when the Dr. Watson show up.

thanks 

Answer 4

 

I have legancy code using _set_seqcurity_error_handler, how do I update it so the legancy code can be used in visual 2005 project.

 

Thanks

 

Wei