diff options
| author | Ethan Heilman <ethan.r.heilman@gmail.com> | 2021-01-31 20:54:02 -0500 |
|---|---|---|
| committer | Ethan Heilman <ethan.r.heilman@gmail.com> | 2021-02-28 14:49:09 -0500 |
| commit | 9bd3f35003c2e9eff74766d57a71d6b391ab602a (patch) | |
| tree | 2ab96cea102f9331894710b6ae83fc5ced0c1bef /build_msvc | |
| parent | 4c55f92c7644c267997c7ddab37d195216d6cf39 (diff) | |
| download | bitcoin-9bd3f35003c2e9eff74766d57a71d6b391ab602a.tar.xz | |
build: adds switch for disabling random base addresses in MSVC
Diffstat (limited to 'build_msvc')
| -rw-r--r-- | build_msvc/README.md | 22 | ||||
| -rw-r--r-- | build_msvc/common.init.vcxproj | 1 |
2 files changed, 23 insertions, 0 deletions
diff --git a/build_msvc/README.md b/build_msvc/README.md index 87ea556a23..ab1ceb7c0c 100644 --- a/build_msvc/README.md +++ b/build_msvc/README.md @@ -77,3 +77,25 @@ For safety reasons the Bitcoin Core .appveyor.yml file has the artifact options #- 7z a bitcoin-%APPVEYOR_BUILD_VERSION%.zip %APPVEYOR_BUILD_FOLDER%\build_msvc\%platform%\%configuration%\*.exe #- path: bitcoin-%APPVEYOR_BUILD_VERSION%.zip ``` + +Security +--------------------- +[Base address randomization](https://docs.microsoft.com/en-us/cpp/build/reference/dynamicbase-use-address-space-layout-randomization?view=msvc-160) is used to make Bitcoin Core more secure. When building Bitcoin using the `build_msvc` process base address randomization can be disabled by editing `common.init.vcproj` to change `RandomizedBaseAddress` from `true` to `false` and then rebuilding the project. + +To check if `bitcoind` has `RandomizedBaseAddress` enabled or disabled run + +``` +.\dumpbin.exe /headers src/bitcoind.exe +``` + +If is it enabled then in the output `Dynamic base` will be listed in the `DLL characteristics` under `OPTIONAL HEADER VALUES` as shown below + +``` + 8160 DLL characteristics + High Entropy Virtual Addresses + Dynamic base + NX compatible + Terminal Server Aware +``` + +This may not disable all stack randomization as versions of windows employ additional stack randomization protections. These protections must be turned off in the OS configuration.
\ No newline at end of file diff --git a/build_msvc/common.init.vcxproj b/build_msvc/common.init.vcxproj index 9c589bccbc..657e67462d 100644 --- a/build_msvc/common.init.vcxproj +++ b/build_msvc/common.init.vcxproj @@ -105,6 +105,7 @@ <Link> <SubSystem>Console</SubSystem> <AdditionalDependencies>Iphlpapi.lib;ws2_32.lib;Shlwapi.lib;kernel32.lib;user32.lib;gdi32.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies> + <RandomizedBaseAddress>true</RandomizedBaseAddress> </Link> <Lib> <AdditionalOptions>/ignore:4221</AdditionalOptions> |