Setting SDL memory-related Requirements before your Application Starts

A word of warning, this is purely an “FYI” post that has very little to do with SDL policy!

I get this question, “How do I call various SDL-mandated APIs before my code starts?” about once a month, so I decided to write about it so I don’t have keep dragging up the same email over and over! The question roughly translates into “Can I call some setup code before main() starts?”

The answer is ‘yes’! But why would you want to do it? One reason is perhaps you want to call the SetProcessDEPPolicy API because you don’t have access to a compiler with the /NXCOMPAT option, or perhaps you want to call HeapSetInformation very early in your code because main() handles untrusted data. Or perhaps you want to create a library for your developers to link with and not require them to add new API calls to their code. But probably the most important reason is if you want to update many EXEs but don’t want to change the code, all you need to do is link with the OBJ file. That’s it!

Visual C++ allows you to define your own code sections that are called by the C startup runtime code prior to calling main(). The following code snippet could be compiled to a .OBJ and then linked with your C or C++ project and will call the SetProcessDEPPolicy API to set the NX bit on your process. You can add most any API in here.

static int __cdecl SDLSetup(void) {

 

       HeapSetInformation(NULL, HeapEnableTerminationOnCorruption, NULL, 0);

 

      

 

       HMODULE hmodKernel32 = GetModuleHandleW(L“KERNEL32.DLL”);

 

       BOOL (WINAPI *pfnSetProcessDEPPolicy)(DWORD);

 

       *(FARPROC *) &pfnSetProcessDEPPolicy

 

         = GetProcAddress(hmodKernel32, “SetProcessDEPPolicy”);

 

       if (pfnSetProcessDEPPolicy != 0)

 

         (*pfnSetProcessDEPPolicy)

 

              (PROCESS_DEP_ENABLE | PROCESS_DEP_DISABLE_ATL_THUNK_EMULATION);

 

   return(0);

 

}

 

static __declspec(allocate(“.CRT$XIAA”)) int (__cdecl *pfnSDLSetup)(void)
       = &SDLSetup;

About the Author
Michael Howard

Principal Security Program Manager

Michael Howard is a principal security program manager on the Trustworthy Computing (TwC) Security team at Microsoft, where he is responsible for managing secure design, programming, and testing techniques across the company. Michael is an architect of the Security Development Read more »

Join the conversation

1 comments
  1. david_leblanc

    You’re making this much too hard. Very interesting trick, but here’s the easy way:

    #include <stdio.h>

    class PreInit

    {

     public:

     PreInit() { printf("PreInit constructorn"); }

    };

    static PreInit pre;

    int main(void)

    {

     printf("Main runningn");

     return 0;

    }

    And the results:

    c:scratch>starts

    PreInit constructor

    Main running

    Conversely, if you have to do some cleanup only after main (or DllMain for that matter), make a static class that does the cleanup in the destructor.

    Yet another easy approach if you have a DLL that your class loads is to put this in the DLL initialization.

Comments are closed.