From 9bd3f35003c2e9eff74766d57a71d6b391ab602a Mon Sep 17 00:00:00 2001
From: Ethan Heilman <ethan.r.heilman@gmail.com>
Date: Sun, 31 Jan 2021 20:54:02 -0500
Subject: build: adds switch for disabling random base addresses in MSVC

---
 build_msvc/README.md           | 22 ++++++++++++++++++++++
 build_msvc/common.init.vcxproj |  1 +
 2 files changed, 23 insertions(+)

(limited to 'build_msvc')

diff --git a/build_msvc/README.md b/build_msvc/README.md
index 87ea556a23..ab1ceb7c0c 100644
--- a/build_msvc/README.md
+++ b/build_msvc/README.md
@@ -77,3 +77,25 @@ For safety reasons the Bitcoin Core .appveyor.yml file has the artifact options
     #- 7z a bitcoin-%APPVEYOR_BUILD_VERSION%.zip %APPVEYOR_BUILD_FOLDER%\build_msvc\%platform%\%configuration%\*.exe
     #- path: bitcoin-%APPVEYOR_BUILD_VERSION%.zip
 ```
+
+Security
+---------------------
+[Base address randomization](https://docs.microsoft.com/en-us/cpp/build/reference/dynamicbase-use-address-space-layout-randomization?view=msvc-160) is used to make Bitcoin Core more secure. When building Bitcoin using the `build_msvc` process base address randomization can be disabled by editing `common.init.vcproj` to change `RandomizedBaseAddress` from `true` to `false` and then rebuilding the project.
+
+To check if `bitcoind` has `RandomizedBaseAddress` enabled or disabled run
+
+```
+.\dumpbin.exe /headers src/bitcoind.exe
+```
+
+If is it enabled then in the output `Dynamic base` will be listed in the `DLL characteristics` under `OPTIONAL HEADER VALUES` as shown below
+
+```
+            8160 DLL characteristics
+                   High Entropy Virtual Addresses
+                   Dynamic base
+                   NX compatible
+                   Terminal Server Aware
+```
+
+This may not disable all stack randomization as versions of windows employ additional stack randomization protections. These protections must be turned off in the OS configuration.
\ No newline at end of file
diff --git a/build_msvc/common.init.vcxproj b/build_msvc/common.init.vcxproj
index 9c589bccbc..657e67462d 100644
--- a/build_msvc/common.init.vcxproj
+++ b/build_msvc/common.init.vcxproj
@@ -105,6 +105,7 @@
     <Link>
       <SubSystem>Console</SubSystem>
       <AdditionalDependencies>Iphlpapi.lib;ws2_32.lib;Shlwapi.lib;kernel32.lib;user32.lib;gdi32.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
+      <RandomizedBaseAddress>true</RandomizedBaseAddress>
     </Link>
     <Lib>
       <AdditionalOptions>/ignore:4221</AdditionalOptions>
-- 
cgit v1.2.3