ASLR (Address Space Layout Randomization) for Windows XP



Overview

WehnTrust is a Host-based Intrusion Prevention System (HIPS) for Windows 2000, XP, and Server 2003. It includes support for exploit mitigations that are designed to make exploitation more difficult by preventing the use of specific exploitation techniques and by making exploitation unreliable.

How it works

WehnTrust randomizes the base addresses of memory allocations to make it more difficult to exploit software vulnerabilities such as buffer overflows. This technique is commonly known as Address Space Layout Randomization (ASLR) and was originally conceived by the PaX team. Microsoft has recently incorporated support for ASLR into Windows Vista and Windows Server 2008. In addition to ASLR, WehnTrust generically mitigates SEH overwrites by dynamically validating a thread's exception handler chain prior to allowing exceptions to be dispatched.

Recommendations

Using WehnTrust in combination with hardware-enforced DEP (non-executable pages) as included with Windows XP SP2 and Windows Server 2003 provides the greatest level of security. Non-executable pages help to counter some of the inherent weaknesses of ASLR.

Features

The following features are included:

  • Address Space Layout Randomization (ASLR)
    • Randomized image file mappings (relocations required)
    • Randomized memory allocations (e.g. VirtualAlloc)
    • Randomized PEB/TEB
    • Basic brute force detection and prevention
  • SEH Overwrite Prevention
  • Format string vulnerability prevention
  • Logging and notification of exploitation attempts
    • Balloon tip notification
    • Native Windows event logging
  • Application and image file exemptions

Download

WehnTrust Version 1.2

Source: WehnTrust Homepage
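
The handler-chain validation described under "How it works", as an added example that is not WehnTrust's code and not part of the original post: a simplified, portable C model that walks a constructed chain and refuses dispatch unless the walk ends at a sentinel record. The record layout follows x86 SEH; `final_handler`, `app_handler`, `MAX_DEPTH` and the sentinel scheme are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model of an x86 SEH registration record: Next, then Handler. */
typedef struct reg {
    struct reg *next;
    void (*handler)(void);
} reg_t;

#define CHAIN_END ((reg_t *)(uintptr_t)-1) /* all-ones terminator, as on x86 Windows */
#define MAX_DEPTH 64                       /* assumed bound, also stops cycles */

static void final_handler(void) {} /* hypothetical sentinel registered last */
static void app_handler(void) {}   /* stands in for any legitimate handler */

/* Return 1 if the chain can be walked to the sentinel, 0 to refuse dispatch. */
int chain_is_valid(const reg_t *head, const void *lo, const void *hi)
{
    const reg_t *cur = head;
    for (int depth = 0; depth < MAX_DEPTH; depth++) {
        uintptr_t p = (uintptr_t)cur;
        /* Check bounds and alignment before dereferencing anything. */
        if (p < (uintptr_t)lo || p > (uintptr_t)hi - sizeof *cur) return 0;
        if (p % sizeof(void *)) return 0;
        if (cur->next == CHAIN_END) return cur->handler == final_handler;
        if ((uintptr_t)cur->next <= p) return 0; /* must move toward stack base */
        cur = cur->next;
    }
    return 0;
}

/* Constructed sample: mode 0 intact, 1 Next clobbered, 2 fake terminator. */
int demo(int mode)
{
    reg_t stack[8] = {{0}};
    stack[6] = (reg_t){ CHAIN_END, final_handler };
    stack[3] = (reg_t){ &stack[6], app_handler };
    stack[0] = (reg_t){ &stack[3], app_handler };
    /* A linear overflow reaches Next before it can reach Handler. */
    if (mode == 1) stack[0].next = (reg_t *)(uintptr_t)0x41414141;
    if (mode == 2) stack[0].next = CHAIN_END;
    return chain_is_valid(&stack[0], stack, stack + 8);
}

int main(void)
{
    printf("intact=%d clobbered=%d fake_end=%d\n", demo(0), demo(1), demo(2));
    return 0;
}
```

Because the walk happens before any handler is called, a corrupted record is rejected without its Handler field ever being used.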
