public static void InheritDefaults(this Application app)
{
app.RecalibrationEvent += (target) =>
{
//
// Inherit address bits from operating system (if not specified).
//
if (target.Application.AddressBits == null)
{
target.Application.AddressBits = target.OperatingSystem.AddressBits;
}
//
// Inherit OS NX, ASLR, and heap policies.
//
foreach (MemoryRegion region in Enum.GetValues(typeof(MemoryRegion)))
{
MitigationPolicy osPolicy = MitigationPolicy.NotSupported;
MitigationPolicy appPolicy = MitigationPolicy.NotSupported;
target.OperatingSystem.MemoryRegionASLRPolicy.TryGetValue(region, out osPolicy);
target.Application.MemoryRegionASLRPolicy.TryGetValue(region, out appPolicy);
target.Application.MemoryRegionASLRPolicy[region] = appPolicy.EffectivePolicy(osPolicy);
target.OperatingSystem.MemoryRegionNXPolicy.TryGetValue(region, out osPolicy);
target.Application.MemoryRegionNXPolicy.TryGetValue(region, out appPolicy);
target.Application.MemoryRegionNXPolicy[region] = appPolicy.EffectivePolicy(osPolicy);
}
foreach (HeapFeature feature in Enum.GetValues(typeof(HeapFeature)))
{
MitigationPolicy osPolicy = MitigationPolicy.NotSupported;
MitigationPolicy appPolicy = MitigationPolicy.NotSupported;
target.OperatingSystem.UserHeapPolicy.TryGetValue(feature, out osPolicy);
target.Application.UserHeapPolicy.TryGetValue(feature, out appPolicy);
target.Application.UserHeapPolicy[feature] = appPolicy.EffectivePolicy(osPolicy);
}
//
// Inherit default stack protection settings.
//
if (target.Application.DefaultStackProtectionEnabled == null)
{
target.Application.DefaultStackProtectionEnabled = target.OperatingSystem.DefaultStackProtectionEnabled;
target.Application.DefaultStackProtectionVersion = target.OperatingSystem.DefaultStackProtectionVersion;
target.Application.DefaultStackProtectionEntropyBits = target.OperatingSystem.DefaultStackProtectionEntropyBits;
}
};
}
public static MitigationPolicy EffectivePolicy(this MitigationPolicy policy, MitigationPolicy basePolicy)
{
switch (basePolicy)
{
case MitigationPolicy.On:
return(MitigationPolicy.On);
case MitigationPolicy.Off:
return(MitigationPolicy.Off);
case MitigationPolicy.NotSupported:
return(MitigationPolicy.NotSupported);
case MitigationPolicy.OptIn:
if (policy == MitigationPolicy.On)
{
return(policy);
}
else
{
return(MitigationPolicy.Off);
}
case MitigationPolicy.OptOut:
if (policy == MitigationPolicy.Off)
{
return(policy);
}
else
{
return(MitigationPolicy.On);
}
default:
throw new NotSupportedException();
}
}
public static bool IsOff(this MitigationPolicy policy)
{
return(policy == MitigationPolicy.Off || policy == MitigationPolicy.NotSupported || policy == MitigationPolicy.OptIn);
}
public static bool IsOn(this MitigationPolicy policy)
{
return(policy == MitigationPolicy.On || policy == MitigationPolicy.OptOut);
}
public static bool IsSupported(this MitigationPolicy policy)
{
return(policy != MitigationPolicy.NotSupported);
}
public static bool IsDisabledOrNotSupported(this MitigationPolicy policy)
{
return(policy >= MitigationPolicy.Off);
}
public static bool IsEnabled(this MitigationPolicy policy)
{
return(policy < MitigationPolicy.Off);
}
