build: adds switch to enable/disable randomized base address in MSVC builds #21045

pull EthanHeilman wants to merge 1 commits into bitcoin:master from EthanHeilman:winnoaslr changing 2 files +23 −0
  1. EthanHeilman commented at 2:03 AM on February 1, 2021: contributor

    In m4 builds we have the --disable-hardening switch that can be given in ./configure to turn off randomized addresses. This PR provides a simple way of turning off randomized addresses in MSVC builds.

    This PR:

    • Adds this option the common-init project file so that it can be globally set across the project
    • Documents this switch in msvc build readme

    I have run the following test to verify this works

    I ran the msvc build with <RandomizedBaseAddress>true</RandomizedBaseAddress> then checked bitcoind.exe and bitcoin-cli.exe with dumpbin.exe:

    bitcoind

    > .\dumpbin.exe /headers src/bitcoind.exe
Microsoft (R) COFF/PE Dumper Version 14.16.27045.0
...
OPTIONAL HEADER VALUES
             20B magic # (PE32+)
           14.28 linker version
          AE4600 size of code
          345C00 size of initialized data
               0 size of uninitialized data
          6BED74 entry point (00000001406BED74) mainCRTStartup
            1000 base of code
       140000000 image base (0000000140000000 to 0000000140E2DFFF)
            1000 section alignment
             200 file alignment
            6.00 operating system version
            0.00 image version
            6.00 subsystem version
               0 Win32 version
          E2E000 size of image
             400 size of headers
               0 checksum
               3 subsystem (Windows CUI)
            8160 DLL characteristics
                   High Entropy Virtual Addresses
                   Dynamic base
                   NX compatible
                   Terminal Server Aware

    bitcoin-cli

    > .\dumpbin.exe /headers src/bitcoin-cli.exe
Microsoft (R) COFF/PE Dumper Version 14.16.27045.0
...
OPTIONAL HEADER VALUES
             20B magic # (PE32+)
           14.28 linker version
          1E3E00 size of code
           92C00 size of initialized data
               0 size of uninitialized data
          104384 entry point (0000000140104384) mainCRTStartup
            1000 base of code
       140000000 image base (0000000140000000 to 0000000140279FFF)
            1000 section alignment
             200 file alignment
            6.00 operating system version
            0.00 image version
            6.00 subsystem version
               0 Win32 version
          27A000 size of image
             400 size of headers
               0 checksum
               3 subsystem (Windows CUI)
            8160 DLL characteristics
                   High Entropy Virtual Addresses
                   Dynamic base
                   NX compatible
                   Terminal Server Aware

    Then I built with <RandomizedBaseAddress>false</RandomizedBaseAddress> then checked bitcoind.exe and bitcoin-cli.exe with dumpbin.exe and observed that Dynamic base was longer listed in OPTIONAL HEADER VALUES

    bitcoind

    PS C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.16.27023\bin\HostX64\x64> .\dumpbin.exe /headers C:\Users\e0\Documents\GitHub\bitcoin021noaslr/src/bitcoind.exe
Microsoft (R) COFF/PE Dumper Version 14.16.27045.0
...
OPTIONAL HEADER VALUES
             20B magic # (PE32+)
           14.28 linker version
          AE4600 size of code
          33FE00 size of initialized data
               0 size of uninitialized data
          6BED74 entry point (00000001406BED74) mainCRTStartup
            1000 base of code
       140000000 image base (0000000140000000 to 0000000140E27FFF)
            1000 section alignment
             200 file alignment
            6.00 operating system version
            0.00 image version
            6.00 subsystem version
               0 Win32 version
          E28000 size of image
             400 size of headers
               0 checksum
               3 subsystem (Windows CUI)
            8120 DLL characteristics
                   High Entropy Virtual Addresses
                   NX compatible
                   Terminal Server Aware

    bitcoin-cli

    > .\dumpbin.exe /headers src/bitcoin-cli.exe
Microsoft (R) COFF/PE Dumper Version 14.16.27045.0
...
OPTIONAL HEADER VALUES
             20B magic # (PE32+)
           14.28 linker version
          1E3E00 size of code
           90C00 size of initialized data
               0 size of uninitialized data
          104384 entry point (0000000140104384) mainCRTStartup
            1000 base of code
       140000000 image base (0000000140000000 to 0000000140277FFF)
            1000 section alignment
             200 file alignment
            6.00 operating system version
            0.00 image version
            6.00 subsystem version
               0 Win32 version
          278000 size of image
             400 size of headers
               0 checksum
               3 subsystem (Windows CUI)
            8120 DLL characteristics
                   High Entropy Virtual Addresses
                   NX compatible
                   Terminal Server Aware
  2. fanquake added the label Build system on Feb 1, 2021
  3. fanquake added the label Windows on Feb 1, 2021
  4. laanwj requested review from sipsorcery on Feb 1, 2021
  5. sipsorcery commented at 10:15 AM on February 1, 2021: member

    @EthanHeilman any chance you could set the status on this PR to draft while you're still working on it? Example. It's slightly easier to keep track of than using [wip] in the title.

    Feel free to ping me when you're ready for reviews.

  6. MarcoFalke marked this as a draft on Feb 1, 2021
  7. EthanHeilman force-pushed on Feb 27, 2021
  8. EthanHeilman force-pushed on Feb 27, 2021
  9. EthanHeilman renamed this:
    [wip] build: adds switch to enable/disable randomized base address in MSVC builds
    build: adds switch to enable/disable randomized base address in MSVC builds
    on Feb 28, 2021
  10. EthanHeilman marked this as ready for review on Feb 28, 2021
  11. practicalswift commented at 4:09 PM on February 28, 2021: contributor

    cr ACK 1ea938167cd284a7aecdec31b7f2173f5658d110: patch looks correct

    Thanks for improving hardening!

  12. sipsorcery commented at 7:06 PM on February 28, 2021: member

    @EthanHeilman thanks for the PR.

    Explicitly calling out the RandomizedBaseAddress linker option does seem to be a little bit of superfluous given it's enabled and giving the security benefits by default. But I guess it does no harm other than the time it will take developers to read the documentation.

    Rather than adding a new ItemDefinitionGroup could you add the new option to the common block that already exists at the bottom of common.init.vcxproj, e.g:

    ...
      <AdditionalIncludeDirectories>..\..\src;..\..\src\univalue\include;..\..\src\secp256k1\include;..\..\src\leveldb\include;..\..\src\leveldb\helpers\memenv;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
    </ClCompile>
    <Link>
      <SubSystem>Console</SubSystem>
      <AdditionalDependencies>Iphlpapi.lib;ws2_32.lib;Shlwapi.lib;kernel32.lib;user32.lib;gdi32.lib;comdlg32.lib;advapi32.lib;shell32.lib;ole32.lib;oleaut32.lib;uuid.lib;odbc32.lib;odbccp32.lib;%(AdditionalDependencies)</AdditionalDependencies>
      <RandomizedBaseAddress>true</RandomizedBaseAddress>
    </Link>
    <Lib>
      <AdditionalOptions>/ignore:4221</AdditionalOptions>
    </Lib>
...
  13. build: adds switch for disabling random base addresses in MSVC 9bd3f35003
  14. EthanHeilman force-pushed on Feb 28, 2021
  15. sipsorcery approved
  16. sipsorcery commented at 7:51 PM on February 28, 2021: member

    ACK 9bd3f35003c2e9eff74766d57a71d6b391ab602a.

  17. EthanHeilman commented at 7:58 PM on February 28, 2021: contributor

    Thanks @sipsorcery that is a better place for it, I've updated the PR. Currently testing it locally.

    The reason I'm adding this flag is that I was doing some bitcoin research which required predictable base addresses and it took me a while to figure out how to disable randomized addresses. I figured I'd save the next person who wants this option some time.

  18. EthanHeilman commented at 8:00 PM on February 28, 2021: contributor

    Tested and confirmed the correct behavior.

  19. practicalswift commented at 8:06 PM on February 28, 2021: contributor

    cr ACK 9bd3f35003c2e9eff74766d57a71d6b391ab602a: patch looks correct

  20. laanwj merged this on Apr 29, 2021
  21. laanwj closed this on Apr 29, 2021
  22. sidhujag referenced this in commit c04bb16dfa on Apr 30, 2021
  23. gwillen referenced this in commit 583e314e71 on Jun 1, 2022
  24. DrahtBot locked this on Aug 16, 2022
Contributors
EthanHeilmansipsorcerypracticalswift
Labels
WindowsBuild system
github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-17 03:14 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me