mIRC Homepage
Posted By: afterdeck Build mIRC with /guard:cf - 18/08/19 01:16 PM
As per https://docs.microsoft.com/en-us/cpp/build/reference/guard-enable-control-flow-guard?view=vs-2019:

Quote
Control Flow Guard (CFG) is a highly-optimized platform security feature that was created to combat memory corruption vulnerabilities. By placing tight restrictions on where an application can execute code from, it makes it much harder for exploits to execute arbitrary code through vulnerabilities such as buffer overflows.


As far as I can tell, ASLR seems to be already supported / enabled.
Posted By: Khaled Re: Build mIRC with /guard:cf - 18/08/19 06:27 PM
mIRC is currently built with Visual Studio 2008. As far as I am aware, the guard option is only available in Visual Studio 2015 and onwards. I may move to a newer version of Visual Studio in the future but that would likely require code-rewriting and a lengthy beta cycle.
Posted By: Raccoon Re: Build mIRC with /guard:cf - 19/08/19 02:32 AM
(I notice that VC++ VS 2015 Community is très popular on the githubs for windows projects)
Posted By: afterdeck Re: Build mIRC with /guard:cf - 21/08/19 01:31 PM
If anyone is curious, here is the working set of "mitigation options"; tested on Win 10 10362.

Code
<?xml version="1.0" encoding="UTF-8"?>
<MitigationPolicy>
  <AppConfig Executable="mirc.exe">
    <DEP Enable="true" EmulateAtlThunks="false" />
    <ASLR ForceRelocateImages="true" RequireInfo="false" BottomUp="true" HighEntropy="true" />
    <StrictHandle Enable="true" />
    <ExtensionPoints DisableExtensionPoints="true" />
    <DynamicCode BlockDynamicCode="true" AllowThreadsToOptOut="false" Audit="false" />
    <ControlFlowGuard Enable="true" SuppressExports="false" />
    <SignedBinaries MicrosoftSignedOnly="true" AllowStoreSignedBinaries="false" Audit="false" AuditStoreSigned="false" EnforceModuleDependencySigning="true" />
    <Fonts DisableNonSystemFonts="true" AuditOnly="false" Audit="false" />
    <ImageLoad BlockRemoteImageLoads="true" AuditRemoteImageLoads="false" BlockLowLabelImageLoads="true" AuditLowLabelImageLoads="false" />
    <Payload EnableExportAddressFilter="true" AuditEnableExportAddressFilter="false" EnableExportAddressFilterPlus="true" AuditEnableExportAddressFilterPlus="false" EnableImportAddressFilter="true" AuditEnableImportAddressFilter="false" EnableRopStackPivot="true" AuditEnableRopStackPivot="false" EnableRopCallerCheck="true" AuditEnableRopCallerCheck="false" EnableRopSimExec="true" AuditEnableRopSimExec="false" />
    <SEHOP Enable="true" TelemetryOnly="false" />
    <Heap TerminateOnError="true" />
    <ChildProcess DisallowChildProcessCreation="true" Audit="false" />
  </AppConfig>
</MitigationPolicy>
© mIRC Discussion Forums