Security Best Practices for C++ (Windows Embedded CE 6.0)

1/5/2010

This topic contains information on recommended security tools and practices. These resources and tools help make applications more resistant to attack.

Compiler Security Features

The following compiler or linker options offer security features that are built into the microprocessor compilers and linkers.

Option: /GS

This compiler option, which is on by default, instructs the compiler to inject overrun detection code into functions that are at risk of being exploited. When an overrun is detected, execution is halted.

For more information, see the desktop compiler documentation.

Option: /SAFESEH

This linker option applies to x86 only. It instructs the linker to include in the output image a table containing the address of each exception handler. At run time, the operating system uses this table to make sure that only legitimate exception handlers are run. This helps prevent the execution of exception handlers introduced by a run-time attack. The option is enabled by default in the OS build system, but disabled by default when the linker is invoked directly.

For more information, see the desktop compiler documentation.

Security-Enhanced CRT

For Windows Embedded CE 6.0 and later, the C Runtime Library (CRT) has been augmented to include secure versions of functions that pose security risks. The older, insecure versions of these functions are now deprecated, and their use results in compile-time warnings.

Programmers are strongly encouraged to use the secure versions of these CRT functions rather than suppress these compilation warnings. For more information, see CRT Security Enhancements.

Safe String Functions

In addition to the security-enhanced functions in the CRT, Windows Embedded CE includes safe string functions that duplicate or enhance string functions in the CRT. In many cases, the safe string functions enable string operations to work securely with Unicode or extended character sets. For more information, see Safe String Functions.
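The following is an added example, not code from the Windows Embedded CE documentation, showing the contract that the secure CRT functions (strcpy_s, strcat_s, sprintf_s) and the safe string functions (StringCchCopy and friends) share, and the class of overrun that /GS exists to halt: every write receives the destination size in characters, the result is always null-terminated, and input that does not fit is reported to the caller instead of written past the buffer. The functions safe_str_copy, safe_str_append, safe_str_format, build_label_unsafe and build_label_safe are hypothetical names written in portable C so the example also builds outside the Windows CE toolchain; on that toolchain the equivalent calls are the _s and StringCch functions the sections above refer to.

```c
#include <errno.h>
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Copy src into dst, which holds dst_size characters including the
 * terminator. Returns 0 on success, EINVAL for bad arguments and ERANGE
 * when src does not fit; on any failure dst is the empty string, never a
 * partial copy. */
int safe_str_copy(char *dst, size_t dst_size, const char *src)
{
    size_t n = 0;

    if (dst == NULL || dst_size == 0)
        return EINVAL;
    if (src == NULL) {
        dst[0] = '\0';
        return EINVAL;
    }
    /* Measure src only as far as dst can hold, so an unterminated source
     * is never read past dst_size characters. */
    while (n < dst_size && src[n] != '\0')
        n++;
    if (n >= dst_size) {
        dst[0] = '\0';
        return ERANGE;
    }
    memcpy(dst, src, n + 1);   /* n + 1 includes the terminator */
    return 0;
}

/* Append src to the string already in dst, under the same contract. */
int safe_str_append(char *dst, size_t dst_size, const char *src)
{
    size_t used = 0;
    int rc;

    if (dst == NULL || dst_size == 0 || src == NULL)
        return EINVAL;
    while (used < dst_size && dst[used] != '\0')
        used++;
    if (used == dst_size) {        /* dst was not a terminated string */
        dst[0] = '\0';
        return EINVAL;
    }
    rc = safe_str_copy(dst + used, dst_size - used, src);
    if (rc != 0)
        dst[0] = '\0';
    return rc;
}

/* Formatted write with the sprintf_s-style contract: the whole output
 * must fit, otherwise dst is emptied and ERANGE is returned. */
int safe_str_format(char *dst, size_t dst_size, const char *fmt, ...)
{
    va_list ap;
    int needed;

    if (dst == NULL || dst_size == 0 || fmt == NULL)
        return EINVAL;
    va_start(ap, fmt);
    needed = vsnprintf(dst, dst_size, fmt, ap);
    va_end(ap);
    if (needed < 0 || (size_t)needed >= dst_size) {
        dst[0] = '\0';
        return needed < 0 ? EINVAL : ERANGE;
    }
    return 0;
}

/* "Before": the deprecated pattern. The destination size never reaches
 * strcpy/strcat, so a long device_id runs past the caller's buffer. /GS
 * halts the process when it detects such an overrun of a stack buffer;
 * the fix is to pass the size through, as build_label_safe does. */
void build_label_unsafe(char *label, const char *vendor, const char *device_id)
{
    strcpy(label, vendor);
    strcat(label, "-");
    strcat(label, device_id);
}

/* "After": every write is bounded, and a label that does not fit is
 * reported to the caller instead of written. */
int build_label_safe(char *label, size_t label_size,
                     const char *vendor, const char *device_id)
{
    int rc = safe_str_copy(label, label_size, vendor);
    if (rc == 0)
        rc = safe_str_append(label, label_size, "-");
    if (rc == 0)
        rc = safe_str_append(label, label_size, device_id);
    return rc;
}

int main(void)
{
    char label[16];   /* constructed fixed-size buffer for the demo */
    int rc = build_label_safe(label, sizeof label, "ACME", "0042");
    printf("rc=%d label=\"%s\"\n", rc, label);
    rc = build_label_safe(label, sizeof label, "ACME", "0123456789ABCDEF");
    printf("rc=%d label=\"%s\" (ERANGE is %d)\n", rc, label, ERANGE);
    return 0;
}
```

The design point is that the size travels with the pointer on every call, so the function that writes is the function that checks; a caller cannot forget the bound because the API has no signature without it. This is the same reason the deprecated CRT functions produce warnings rather than being silently kept: the warning is the reminder that the bound is missing.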

C/C++ Code Analysis

C/C++ Code Analysis performs inter-procedural analysis on the source files.

The analysis can result in the identification of buffer overruns, semantic issues in the use of HRESULT, potential and actual memory use problems, and incorrect operator usage. In addition, it identifies many items that may simply be typos, but appear in code as format mismatches, inappropriate casting, and so on.

For more information, see C/C++ Code Analysis.
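As an added example, not from the documentation above, the following shows one of the HRESULT semantic issues that C/C++ Code Analysis reports: comparing a result against S_OK instead of testing it with FAILED(). The HRESULT type and the S_OK, S_FALSE, E_INVALIDARG, E_FAIL, SUCCEEDED and FAILED definitions are reproduced with their Windows values so the file also builds with a non-Windows compiler; lookup_setting, apply_setting_naive and apply_setting are hypothetical functions, and the settings table is a constructed stand-in for a registry lookup.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* HRESULT is a 32-bit signed value whose sign bit marks failure; the
 * Windows definitions are reproduced here for portability. */
typedef int32_t HRESULT;
#define S_OK          ((HRESULT)0)
#define S_FALSE       ((HRESULT)1)
#define E_INVALIDARG  ((HRESULT)0x80070057)
#define E_FAIL        ((HRESULT)0x80004005)
#define SUCCEEDED(hr) (((HRESULT)(hr)) >= 0)
#define FAILED(hr)    (((HRESULT)(hr)) < 0)

/* Constructed settings store standing in for a registry lookup. */
static const struct { const char *key; int value; } settings[] = {
    { "timeout_ms", 5000 },
    { "retries", 3 },
};

/* Hypothetical lookup: S_OK when the key exists, S_FALSE when it does
 * not (out receives a default of 0), E_INVALIDARG for bad arguments. */
HRESULT lookup_setting(const char *key, int *out)
{
    size_t i;

    if (key == NULL || out == NULL)
        return E_INVALIDARG;
    for (i = 0; i < sizeof settings / sizeof settings[0]; i++) {
        if (strcmp(settings[i].key, key) == 0) {
            *out = settings[i].value;
            return S_OK;
        }
    }
    *out = 0;
    return S_FALSE;
}

/* The check Code Analysis flags: comparing against S_OK (or writing
 * `if (hr)`) treats every non-zero HRESULT as an error, so the legitimate
 * S_FALSE "not found, default applied" result is rejected. Returns 1 when
 * the setting was applied, 0 when the result was treated as failure. */
int apply_setting_naive(const char *key, int *out)
{
    HRESULT hr = lookup_setting(key, out);
    if (hr != S_OK)
        return 0;
    return 1;
}

/* Correct form: only the sign bit separates failure from success, which
 * is exactly what FAILED() tests, so S_FALSE is accepted and
 * E_INVALIDARG is not. */
int apply_setting(const char *key, int *out)
{
    HRESULT hr = lookup_setting(key, out);
    if (FAILED(hr))
        return 0;
    return 1;
}

int main(void)
{
    int v = -1;
    printf("naive, missing key: applied=%d\n", apply_setting_naive("missing", &v));
    printf("FAILED(), missing key: applied=%d value=%d\n", apply_setting("missing", &v), v);
    printf("FAILED(), NULL key: applied=%d\n", apply_setting(NULL, &v));
    return 0;
}
```

The same rule covers the mirror-image mistake of testing `hr == S_OK` to mean success: both forms silently turn a success code with information in it (S_FALSE, or any other positive HRESULT) into a failure path, which is the kind of defect the analysis tool catches before it reaches a device.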

Application Verifier

Available as part of the Windows Embedded CE 6.0 Test Kit (CETK), Application Verifier is a tool that assesses the stability of an application. Application Verifier not only detects security issues but also helps detect common programming mistakes.

Application Verifier works by monitoring an application's use of the operating system, including the file system, registry, memory, and APIs, while the application is being run. The tool then provides guidance for source-code level fixes of the issues it uncovers.

Application Verifier lets you:

  • Identify memory leaks and heap corruption, including buffer overflow and underflow, and problems with moveable memory blocks.
  • Find leaks of handle types such as registry, file, event, and critical section handles.
  • Determine some kinds of problems with GDI objects and user-defined objects.

For more information, see Application Verifier Tool.

Other Windows Embedded CE Security Features

Each section of the Windows Embedded CE documentation offers helpful guidelines for protecting your users and their data. For more information, see the documentation in specific feature areas.

For an overview of authentication services, credential management, and cryptographic services included in Windows Embedded CE, see Security for Windows Embedded CE.

See Also

Other Resources

Compilers for Microprocessors