Experience the modern language features of Visual C + + 2005 (5)

Reliable Security

In 2002, Bill Gates announced a credible calculation that has had a profound impact on all the products that Microsoft has developed. Developers of Windows operating systems have spent months on security training and code review, with the result that Windows Server 2003 is the safest operating system ever released by the company. Microsoft Office 2003 also contains a number of security features, such as IRM (Information Rights Management), enhanced macro security, blocked downloads of HTML in Outlook, and so on. The developer of the Visual C + + 2005 compiler has also made great strides in this regard, making the compiler and the code they generate more secure.

Visual Studio. NET 2002 introduces a buffer security check option/GS in the compiler, if the compiler considers that some functions may cause a buffer overflow attack, this option can allocate a certain amount of space on the stack before the function's return address, and at the entry of the function, Place a secure cookie with a given value in this buffer, and when the function exits, check that the cookie has been corrupted, the change in the cookie value represents the return address, a potential overwrite (overwrite), an error occurs, and the program terminates. Of course, this does not prevent all types of overflow attacks.

Visual Studio. NET 2003 extends the/GS option to prevent local variables from exceeding the limit by sorting the local variables on the stack so that the array can allocate space in memory that is higher than the local variable. This method can prevent vtable hijacking and other pointer attacks.

Figure 5: Vintage/GS
and Visual C + + 2005 is a step further on this basis, normally when a function call occurs, the function activates the runtime structure as shown in Figure 5, and if one of the local buffers is out of bounds, an attacker could overwrite anything on this stack, including exception handling, security cookies, Frame pointer, return address, and function arguments. Most of these values are protected by different mechanisms (such as security exception handling), but there is still a chance of overflow for a function that has a function pointer as a parameter. If a function accepts a function pointer (or struct, class contains a function pointer) as an argument, it is possible for an attacker to overwrite the value in the pointer so that the code executes any function he wants. In view of this, the Visual C + + 2005 compiler analyzes all function parameters that may have this vulnerability, and arranges the structure of the function when it is activated as inserted in 8, copying a function argument-not using the original function arguments, and placing them under the local variables in the stack. If the original function parameter is overwritten, the entire function will not be breached as long as the value in the copy remains unchanged.

　　
Figure 6: New/GS
To follow the trusted calculation of default security, the Visual C + + 2005 compiler is the default open buffer security check option, which ensures that software products compiled with Visual C + + are more secure. In fact, Microsoft has rebuilt all products, including Windows, Office, SQL Server, with this option.

The big improvement on Visual C + + 2005 on the other hand is that when code is written, security ideas are always implemented. The vast majority of applications rely on the C Run-time Library (CRT) and the Standard Template Library (STL). While these libraries were originally designed, code security was not in an important position, and many of the current methods of attack were not known at the time, and as a result, most of the functions in these libraries are often in an unsafe way of using Opened the door for a potential attack.

In Visual C + + 2005, Microsoft introduced a new version of these libraries. In the new version, these libraries have been overridden by the realization that all functions lead to common security issues, and provide a more secure version of the functions that can be replaced, and the long-term goal is to replace all of their "unsafe" versions with these more robust copies. In the new version of the CRT only, more than 400 new "security" functions are introduced, and all pointer parameters are checked for null values (NULL), and all functions that perform the memory copy operation, including the source and destination addresses, are explicitly given the number of bytes that need to be replicated.

Conclusion

Visual C + + 2005 brings many exciting features, such as CLR deferred loading for mixed images, local AppDomain APIs, new declspecs for AppDomains and process global variables, module constructors, obj files, and . NET Module linker support, implicit boxing (boxing), (same as C # developers might like) XML annotation syntax, new versions of the. NET Framework's STL, Param Array, alias hints, new floating-point patterns, operator overloads, and so on; , but believe that every new function will bring different programming experience to everyone.

Any new version of the language based on the. NET framework often raises the question: "If you write." NET platform program, what language should my development team use? "Today, if you often have some local interop, the answer is simple, C + + is the easiest language to use for local interop operations, and it is most efficient." Also, if you want to transplant an existing C + + program to. NET platform, in fact, in addition to Visual C + +, there is no better way to choose, while porting existing applications to. NET platform, this is Microsoft's most recommended method.

For the development of new applications, you may ask, in the selection based. NET language, why developers appear dazed and overwhelmed, there is no straightforward answer, because each language has its advantages, but for pure. NET program, the experience of C #, Visual Basic, and C + + is the same. As a developer, if you are accustomed to a particular language, there is no need to switch to another.
　
You might choose C + +, however, in any interop operation, because of the direct built-in support for interop, the C + + experience is better than any other language. In addition, the deterministic cleanup provided by the destructor has no value except to avoid resource leaks and guarantee the correctness of the program. At the same time, C + + also has some powerful features, it can be used in combination with the functionality provided by the CLR above, for example, C + + does not just support templates and generics, but also supports the combination of both, which is more powerful and expressive than using one alone; In particular, a practical technique for writing library files is Write a template and implement a generic interface so that the resulting template is powerful and highly scalable, such as template-specific, so that other languages can also directly use objects instantiated through the template generic interface. In short, C + + is not the reputation of the waves, and finally stood where it should stand.