WDK turns on buffer security checking (/GS1) by default when building a native/kernel project. However if a native application needs to run on downlevel OS such as Windows 2000 and was compiled with /GS, then it will encounter a consistent and timely death when it cannot find RtlUnhandledExceptionFilter in ntdll.dll. This will happen despite the fact that Windows 2000 build environment was used2 to build it.

The solution, is to disable /GS by adding a line BUFFER_OVERFLOW_CHECKS=0 to the SOURCES file. That translates to no buffer security checking (/GS-) and WDK build will stop linking to any of the BufferOverflowX.libs.

1An interesting analysis of which was made by Ollie Whitehouse at Symantec Advanced Threat Research.

2 I was using WDK build 6001.18000

Tagged with →  
Share →

Leave a Reply

Your email address will not be published. Required fields are marked *


Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop us a note so we can take care of it!

Visit our friends!

A few highly recommended friends...

Set your Twitter account name in your settings to use the TwitterBar Section.