#67 Fix for the Windows 8 certification kit

launch4j 3.8
closed
None
9
2015-05-09
2012-09-18
Luc Bruninx
No

Hello,

Is it possible to recompile binaries (C headers) to conform with Apps Support Windows Security Features of the Windows 8 certification kit ?

You can see this document: http://msdn.microsoft.com/en-us/library/windows/desktop/hh749939.aspx

At the section 3:
3. Apps support Windows security features
The Windows operating system has many features that support system security and privacy. Apps must support these features to maintain the integrity of the operating system. Improperly compiled apps could cause buffer overruns that can, in turn, cause denial of service or allow malicious code execute.
3.1 Your app must not use AllowPartiallyTrustedCallersAttribute (APTCA) to ensure secure access to strong-named assemblies
3.2 Your app must be compiled using the /SafeSEH flag to ensure safe exceptions handling
3.3 Your app must be compiled using the /NXCOMPAT flag to prevent data execution
3.4 Your app must be compiled using the /DYNAMICBASE flag for address space layout randomization (ASLR)
3.5 Your app must not Read/Write Shared PE Sections

I have tested my Java application wrapped with Launch4j 3.0.2.

This is the only section that I have not been certified. To do this, you must recompile the binary files with the options specified by Microsoft.

Could you help me?

Thank you in advance.

Discussion

  • Luc Bruninx

    Luc Bruninx - 2012-09-20
    • milestone: --> Next Release
    • priority: 5 --> 9
     
  • Luc Bruninx

    Luc Bruninx - 2012-09-20

    To solve this problem, I suggest you simply this:
    1. And replace ld.exe windres.exe the latest version available from MinGW.
    2. To apply this patch in file net.sf.launch4j.Builder.java

    --- Builder.java Wed Sep 19 03:33:52 2012
    +++ Builder.java Wed Sep 19 03:33:52 2012
    @@ -97,0 +98,3 @@
    + .add("--dynamicbase")
    + .add("--nxcompat")
    + .add("--no-seh")

    The new launcher support Windows (8) security features? It works for me.

     
  • Luc Bruninx

    Luc Bruninx - 2012-09-20

    Patch for net.sf.launch4j.Builder.java

     
    Attachments
  • Grzegorz Kowal

    Grzegorz Kowal - 2012-10-07

    Hello, thanks for the patch. I'm installing Windows8 to check how this works.

    Grzegorz

     
  • Grzegorz Kowal

    Grzegorz Kowal - 2012-10-07
    • assigned_to: nobody --> grzegok
     
  • Luc Bruninx

    Luc Bruninx - 2012-10-07

    I m sorry for my English. But, if you follow my suggestion, the generated exe can be certified by the Windows 8 security certification tools from Microsoft.

    My patched version of launch4j produce executable files that pass the certification test.

     
  • Grzegorz Kowal

    Grzegorz Kowal - 2014-03-23

    Added in 3.1.0-beta1

     
  • Grzegorz Kowal

    Grzegorz Kowal - 2014-03-23
     
  • Grzegorz Kowal

    Grzegorz Kowal - 2014-03-23
    • status: open --> closed
     
  • Grzegorz Kowal

    Grzegorz Kowal - 2015-05-09
    • Group: Future --> launch4j 3.8
     

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks