Work at SourceForge, help us to make it a better place! We have an immediate need for a Support Technician in our San Francisco or Denver office.

Close

#67 Fix for the Windows 8 certification kit

Next Release
closed
None
9
2014-03-23
2012-09-18
Luc Bruninx
No

Hello,

Is it possible to recompile binaries (C headers) to conform with Apps Support Windows Security Features of the Windows 8 certification kit ?

You can see this document: http://msdn.microsoft.com/en-us/library/windows/desktop/hh749939.aspx

At the section 3:
3. Apps support Windows security features
The Windows operating system has many features that support system security and privacy. Apps must support these features to maintain the integrity of the operating system. Improperly compiled apps could cause buffer overruns that can, in turn, cause denial of service or allow malicious code execute.
3.1 Your app must not use AllowPartiallyTrustedCallersAttribute (APTCA) to ensure secure access to strong-named assemblies
3.2 Your app must be compiled using the /SafeSEH flag to ensure safe exceptions handling
3.3 Your app must be compiled using the /NXCOMPAT flag to prevent data execution
3.4 Your app must be compiled using the /DYNAMICBASE flag for address space layout randomization (ASLR)
3.5 Your app must not Read/Write Shared PE Sections

I have tested my Java application wrapped with Launch4j 3.0.2.

This is the only section that I have not been certified. To do this, you must recompile the binary files with the options specified by Microsoft.

Could you help me?

Thank you in advance.

Discussion

  • Luc Bruninx
    Luc Bruninx
    2012-09-20

    • milestone: --> Next Release
    • priority: 5 --> 9
     
  • Luc Bruninx
    Luc Bruninx
    2012-09-20

    To solve this problem, I suggest you simply this:
    1. And replace ld.exe windres.exe the latest version available from MinGW.
    2. To apply this patch in file net.sf.launch4j.Builder.java

    --- Builder.java Wed Sep 19 03:33:52 2012
    +++ Builder.java Wed Sep 19 03:33:52 2012
    @@ -97,0 +98,3 @@
    + .add("--dynamicbase")
    + .add("--nxcompat")
    + .add("--no-seh")

    The new launcher support Windows (8) security features? It works for me.

     
  • Luc Bruninx
    Luc Bruninx
    2012-09-20

    Patch for net.sf.launch4j.Builder.java

     
    Attachments
  • Grzegorz Kowal
    Grzegorz Kowal
    2012-10-07

    Hello, thanks for the patch. I'm installing Windows8 to check how this works.

    Grzegorz

     
  • Grzegorz Kowal
    Grzegorz Kowal
    2012-10-07

    • assigned_to: nobody --> grzegok
     
  • Luc Bruninx
    Luc Bruninx
    2012-10-07

    I m sorry for my English. But, if you follow my suggestion, the generated exe can be certified by the Windows 8 security certification tools from Microsoft.

    My patched version of launch4j produce executable files that pass the certification test.

     
  • Grzegorz Kowal
    Grzegorz Kowal
    2014-03-23

    Added in 3.1.0-beta1

     
  • Grzegorz Kowal
    Grzegorz Kowal
    2014-03-23

     
  • Grzegorz Kowal
    Grzegorz Kowal
    2014-03-23

    • status: open --> closed