SAFESEH and assembler code

  • Question

  • We are in the process of switching to VS2012 (from VS2009) and we ran into a problem.

    Our code includes one assembler file that is assembled using ml.exe. Now, when compiling with VS2012 we get the message that the object file for that code is unsafe when using the /SAFESEH linker switch ("vmchecks.obj : error LNK2026: module unsafe for SAFESEH image.").

    Now I have two questions:

    1. Is there any way to assemble the code so that it can be linked with /SAFESEH on?

    2. What bad effects can it have if we use /SAFESEH:NO?

    In case it matters: The code is just two functions to check whether the program runs within a virtual machine (VirtualPC or VirtualPC).

    vmchecks.asm:

    .386
    .model flat, c
    
    INCLUDE vmchecks.inc
    
    .code
    
    isInsideVMWare PROC uses ebx ecx edx
        mov    eax, 'VMXh'
        mov    ebx, 0           ; any value but not the MAGIC VALUE
        mov    ecx, 10          ; get VMWare version
        mov    edx, 'VX'        ; port number
        in     eax, dx          ; read port
        cmp    ebx, 'VMXh'      ; is it a reply from VMWare?
        mov    eax, 1
        RET
    isInsideVMWare ENDP

    isInsideVPC PROC uses ebx
        mov    ebx, 0           ; It will stay ZERO if VPC is running
        mov    eax, 1           ; VPC function number
        db     0Fh
        db     3Fh
        db     07h
        db     0Bh
        test   ebx, ebx
        mov    eax, 1
        RET
    isInsideVPC ENDP
    
    end
    

    Thursday, September 20, 2012 4:07 PM

Answers

  • SAFESEH is a security feature and, like all compiler/linker security features, it is optional. It's up to you to decide whether the increased security is worth it or not.

    But it seems that it is easy to make masm generate a safeseh object file: just set the Use Safe Exception Handler MASM property to Yes (see Project Properties, Microsoft Macro Assembler, Advanced).

    See also the .safeseh masm directive here: http://msdn.microsoft.com/en-us/library/16aexws6.aspx but probably you don't need it because your assembly code doesn't really contain any exception handlers.

    • Marked as answer by Arne Bergmann Friday, September 21, 2012 8:41 AM
    Friday, September 21, 2012 7:36 AM

All replies

  • According to various samples, maybe you can put these fragments in a C++ file using __asm and __emit statements.  And since they seem to give exceptions outside virtual machines, you have to use __try...__except statements as well.

    • Proposed as answer by Cody Gray Sunday, January 18, 2015 9:32 AM
    • Unproposed as answer by Cody Gray Sunday, January 18, 2015 9:32 AM
    Thursday, September 20, 2012 6:01 PM
  • Ok, I will try this. We had it as inline assembler first, though, and I remember there was a problem with it, I just cannot remember what it was.

    Yes, the code does throw outside of virtual machines, so we (of course) call it inside __try/__except.

    Do you happen to know what downsides there are to using /SAFESEH:NO?

    Friday, September 21, 2012 7:05 AM
  • Thank you for this very helpful post. Do you have a suggestion how to do the VM detection without using asm?
    Friday, September 21, 2012 7:06 AM
  • Thank you very much, Mike. Adding /safeseh to the command line for ml.exe worked :) (I didn't find it in the project properties, but I set ml.exe as a custom build tool for the .asm file, so that's probably why - it's probably not the most elegant way to do it, but it works).
    Friday, September 21, 2012 8:41 AM
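
Added example (not part of the thread, and not Microsoft's code): one way to confirm that an object such as vmchecks.obj is marked SAFESEH-compatible after assembling with /safeseh is to look in its COFF symbol table for the absolute symbol `@feat.00` with the low bit set, the marker the PE/COFF specification describes. The sample objects are constructed in-line, `_vmchk` is a made-up symbol name, and /bigobj objects are assumed not to occur.

```python
import struct
import sys

IMAGE_FILE_MACHINE_I386 = 0x14C   # SAFESEH only applies to 32-bit x86
IMAGE_SYM_ABSOLUTE = -1           # section number of absolute symbols
SAFESEH_BIT = 0x1                 # low bit of the @feat.00 value


def coff_safeseh_status(obj: bytes) -> str:
    """Classify a classic (non-/bigobj) COFF object: 'safe', 'unsafe' or 'n/a'."""
    machine, _nsect, _ts, symtab, nsyms, _opt, _flags = struct.unpack_from(
        "<HHIIIHH", obj, 0)       # 20-byte COFF file header
    if machine != IMAGE_FILE_MACHINE_I386:
        return "n/a"
    i = 0
    while i < nsyms:
        name, value, section, _type, _sclass, naux = struct.unpack_from(
            "<8sIhHBB", obj, symtab + 18 * i)   # 18-byte symbol record
        if name == b"@feat.00" and section == IMAGE_SYM_ABSOLUTE:
            return "safe" if value & SAFESEH_BIT else "unsafe"
        i += 1 + naux             # skip auxiliary records
    return "unsafe"               # no marker: not SAFESEH-aware


def sym(name: bytes, value: int, section: int, naux: int = 0) -> bytes:
    """One 18-byte symbol record (storage class 3 = static)."""
    return struct.pack("<8sIhHBB", name, value, section, 0, 3, naux)


def make_obj(records, machine=IMAGE_FILE_MACHINE_I386) -> bytes:
    """Constructed sample: header + symbol table only, no sections."""
    header = struct.pack("<HHIIIHH", machine, 0, 0, 20, len(records), 0, 0)
    return header + b"".join(records) + struct.pack("<I", 4)  # empty string table


# Constructed samples; _vmchk is a made-up symbol name.
UNMARKED = make_obj([sym(b"_vmchk", 0, 0)])
MARKED = make_obj([sym(b"@feat.00", 1, IMAGE_SYM_ABSOLUTE), sym(b"_vmchk", 0, 0)])

if __name__ == "__main__":
    # Usage: python check_safeseh.py vmchecks.obj other.obj ...
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, coff_safeseh_status(fh.read()))
```

Running it over every .obj in a build before turning /SAFESEH back on shows which modules would still trigger LNK2026.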