简体繁体 English

[c＃]如何为C＃应用程序指定/ GS选项？

[英][c#]How to specify /GS, options to c# application?

原文 2009-11-18 04:11:20 6 2 c#/ compiler-options

As you know, /GS are Visual C++ Compiler or Linker Options. 如您所知， / GS是Visual C ++编译器或链接器选项。

Can i Specify /GS in c# compiler or linker? 我可以在C＃编译器或链接器中指定/ GS吗？
Are these flags enabled by default in c# applications? 这些标志在c＃应用程序中是否默认启用？
[Edit]: change the question contents: [编辑]：更改问题内容：
2a. 2a。 Are these features enabled (by these compiler options as in Visual C++) by default in c# applications? 默认情况下，在c＃应用程序中是否启用了这些功能（通过Visual C ++中的这些编译器选项）？
Is there a way to find out wheather a .exe/.dll file is build with these flags? 有没有办法找出使用这些标志构建的.exe / .dll文件？

Thanks in advance. 提前致谢。

2 个解决方案

None of those options exist in C# because C# generates managed code and C++ generates native code (machine language code). C＃中不存在这些选项，因为C＃生成托管代码，而C ++生成本机代码（机器语言代码）。 Managed code is called 'verifiable' because it has much stricter checking than C/C++ and enforces type safety in ways that C++ and native code cannot. 托管代码被称为“可验证的”，因为它比C / C ++进行更严格的检查，并以C ++和本机代码无法执行的方式强制执行类型安全。 (These checks are irrelevant for managed code written in C++/CLI). （这些检查与用C ++ / CLI编写的托管代码无关。）

Much of this is due to the fact that that native code runs directly on the hardware and managed code runs inside the .NET run time (CLR). 这主要是由于本机代码直接在硬件上运行，而托管代码在.NET运行时（CLR）内运行。

Allow me to go over the options one by one 请允许我一一讨论

/analyze - I'm not all the familiar with this option, but looking at the list of what it checks , none of those errors are possible or a problem in managed code. / analyze-我对这个选项不是很熟悉，但是查看它所检查的列表，这些错误均不可能发生，也不是托管代码中的问题。 For example the first warning C6031 is not a problem because managed codes will throw an exception that can't be ignored when it doesn't succeed. 例如，第一个警告C6031没问题，因为托管代码将引发异常，如果该异常无法成功，则将无法忽略该异常。
/GS - Managed code (ignoring unsafe ) doesn't directly access memory and is immune to buffer overflows. / GS-托管代码（忽略unsafe ）不会直接访问内存，并且不受缓冲区溢出的影响。 You'll get an exception rather than overflowing into other memory. 您将获得一个异常，而不是溢出到其他内存中。
/DynamicBase - Managed code produces byte called Intermediate Language (IL) and is dynamically compiled to native code ( JIT ) at run time, so it has no fixed address space to randomize. / DynamicBase-托管代码生成称为中间语言（IL）的字节，并在运行时动态编译为本机代码（ JIT ），因此它没有固定的地址空间可随机化。
/SafeSEH - Managed code has it's own exception mechanism and doesn't use SEH. / SafeSEH-托管代码具有其自己的异常机制，并且不使用SEH。

I'm guessing your trying to do a code audit/run static analysis tools to ensure that security/SDL best practices are being followed. 我猜您正在尝试执行代码审核/运行静态分析工具，以确保遵循安全性/ SDL最佳实践。 If you are keep reading... 如果您继续阅读...

There is a tool called Binscope that can be used to check that your native/C++ binaries are compiled with the /GS, /SafeSEH, /NXCOMPAT, and /DYNAMICBASE. 有一个名为Binscope的工具，可用于检查您的本机/ C ++二进制文件是使用/ GS，/ SafeSafeH，/ NXCOMPAT和/ DYNAMICBASE编译的。 These are C++ specific options that make it harder for attackers to exploit buffer overruns. 这些是C ++特定的选项，使攻击者更难利用缓冲区溢出。 (Binscope also checks for a few other things) （Binscope还检查其他一些内容）

The only thing Binscope checks for in C#/managed binaries is if they are using strong names. Binscope在C＃/托管二进制文件中唯一要检查的是它们是否使用强名称。 The closest thing to binscope for C# is FxCop which will detail a bunch of potential issues in your managed .Net code. 最接近C＃的binscope的是FxCop ，它将详细说明托管的.Net代码中的一系列潜在问题。 For security, fix any security warnings that FxCop produces and you are on your way. 为了安全起见，请修复FxCop产生的所有安全警告，并且您在旅途中。

The /analyze flag causes Visual Studio to do some static analysis of your native code and lets you know if it finds anything suspicious. / analyze标志使Visual Studio对您的本机代码进行静态分析，并让您知道它是否发现可疑的内容。 The C#/.Net equivalent is the security part of FxCop. C＃/。Net等效项是FxCop的安全性部分。