• You are here:  
  • Home
  • Q&A
  • Q&A
  • PowerBuilder
  • Enable DEP/SafeSEH/ASLR and Anti Tamper protection in Power Builder 2017/2019

Subscribe via RSS
Toggle Submenu
  1. Categories
  2. Recent
  3. Tags
View Replies (3)

Resolved Enable DEP/SafeSEH/ASLR and Anti Tamper protection in Power Builder 2017/2019

  1. How-to
0
Votes
Undo
  1. Erick Siliezar
    Erick Siliezar
  2. PowerBuilder
  3. Wednesday, 29 January 2020 21:07 PM UTC

Hi , currently I'm using Power Builder 2017 to develop a windows application and I need to Know if there is a way to:

  • Enable Data Execution Prevention (DEP) in my executable.
    • Currently when I deploy my application all binaries generated have DEP option in false, so I need to know if there is a way to change the option in True?
  • Enable SafeSEH Protection in my executable.
    • Same situation when I deploy my application, all binaries generated have SafeSEH value OFF, so I need to know if there is a way to change that value to ON?
  • Enable Address space layout randomization (ASLR).
    • The executable deployed has Address space layout randomization Disabled, it is possible to change the option to Enable value?

  • Missing Anti-Tamper Protection: My Application has not implemented the Anti-tampering protection because when I deployed my app, there is a way to injected in the code caves a malicious code. I need to know if should I apply some additional changes to my code in order to ovoid this.

I really appreciate if you have any ideas on how to enable those values or if Power Builder 2019 can help me to solve those security issues.

Regards Erick.

Can the flat appearance in the PB development envi...
Powerbuilder with Oracle 18c using ODBC
Accepted Answer
Chris Pollach @Appeon
Chris Pollach @Appeon Accepted Answer Pending Moderation
  1. Wednesday, 29 January 2020 21:44 PM UTC
  2. PowerBuilder
  3. # Permalink

Hi Erick;

  FYI: Starting in PowerBuilder 12.6 (build 4058), the PowerBuilder run-time dlls are now DEP, SafeSEH enabled. ASLR is supported via its use (dependency) of the "msvcr100" DLL.

       What I do not know currently, is if Appeon Engineering has turned these features off since adopting the PB 12.6 code-line from SAP as we built PB 2017Rx.

Regards ... Chris

 

Comment
Load more comments
Roland Smith
  1. Roland Smith
  2. Thursday, 30 January 2020 00:21 AM UTC
I seem to remember someone within the last month or so posting or submitting a bug about an executable flag but I don't remember what it was.
  1. Helpful
Chris Pollach @Appeon
  1. Chris Pollach @Appeon
  2. Thursday, 30 January 2020 00:45 AM UTC
Hi Erick;

Thanks for that feedback!

I saw your ticket in the Support System & have now redirected right over to Engineering for an "official" answer. Stay tuned!

Regards... Chris
  1. Helpful
Erick Siliezar
  1. Erick Siliezar
  2. Thursday, 30 January 2020 15:30 PM UTC
Thank you Chris
  1. Helpful
There are no comments made yet.
Responses (3)
Michael Kramer
Michael Kramer Accepted Answer Pending Moderation
  1. Thursday, 30 January 2020 02:41 AM UTC
  2. PowerBuilder
  3. # 1

Hi Erick,

Here's what I see after checking PB runtimes (PB 2017 R3 + PB 2019 R2)

File ASLR DEP SafeSEH AuthentiCode
PBVM170.DLL true true true true
PBDWE170.DLL true true true true
PBVM190.DLL true true true true
PBDWE190.DLL true true true true
MyApp.EXE (P-code) true false true false
My-Lib.PBD (P-code) n/a n/a n/a n/a
MyApp.EXE (Machine code) false false false false
My-Lib.DLL (Machine code) false false false false

PB runtime files have all three enabled (ASLR + DEP + SafeSEH) -- and they are AuthentiCode signed.

Your app in P-code:

  • EXE -- Has ASLR + SafeSEH
    • Short bootstrap to kick-start PB runtime (hence ASLR + SafeSEH relevant)
    • Remainder is P-code in proprietary format running inside PB runtime.
    • I assume that's why DEP = off.
  • PBD -- 100% proprietary format - I can't see ASLR/DEP/SafeSEH apply to such proprietary format

Your app in machine code:

  • That "machine code" is not "regular machine code" -- it is machine-code version of proprietary P-code -- still running courtesy of PB runtime.
  • I assume that's why all ASLR/SafeSEH/DEP = off.

That is at least my take on the different security options you asked about when it relates to PB apps and PB runtime.

HTH /Michael
NOTE: I'm using this PowerShell module to inspect .EXE + .DLL + .PBD

 

Comment
Erick Siliezar
  1. Erick Siliezar
  2. Thursday, 30 January 2020 16:19 PM UTC


I'm using Power Shell Module too and I'm having same results as you. I put a ticket about his because I need an official answer from Appeon Support team in order to see if I can solve this issue applying some additional process or if there is no way to enable those options in my libraries. This issue was reported during an audit process in my institution so I need to have all the details about it to explain them what will be my next step.

  1. Helpful
There are no comments made yet.
Michael Kramer
Michael Kramer Accepted Answer Pending Moderation
  1. Thursday, 30 January 2020 01:21 AM UTC
  2. PowerBuilder
  3. # 2

Hi Erick,

You refer to "additional libraries" (example: cml_user.dll).
Did you compile a PowerBuilder library cml_user.pbl into machine code .DLL or does your PB code call a .DLL file you created with another tool like Visual Studio or VS Code?

A machine code version a PBL file is not a regular .DLL file so that in itself means certain attacks are impossible. 

Comment
Erick Siliezar
  1. Erick Siliezar
  2. Thursday, 30 January 2020 15:38 PM UTC
Yes, I compile my cml_user.pbl into machine code. Of course I have more than one, this is just an example.
  1. Helpful
There are no comments made yet.
  • Page :
  • 1


There are no replies made for this question yet.
However, you are not allowed to reply to this question.