Jump to content

DelphiUdIT

Members
 View Profile  See their activity

  • Content Count

    449

  • Joined

  • Last visited

  • Days Won

    8

Posts posted by DelphiUdIT

  5. Posted · Edited by DelphiUdIT

    Some changes are refuses from Indy team, 'cause some of them (changes) are only for the next new release (11), like I write in the recent post. Other motivations surely there are.

     

    This repo exists only to help everyone that want to update the Indy version that came with IDE.

    That is still with legacy technologies (no Oauth2, no TLSv1_3), and the Indy official repo is not compatible with Embarcadero and some tirdh-party components (like those installed from getit that need Indy).

     

    If this is not the right way, I switch the repo in "private" ... no problems.

    You are right about Remy, I don't want any test from him, my request may be misunderstood.

  8. Posted

    In the batch "clean..." there was an error ... "ren" cmd is not working if the destination file name has a path. In the normal condition (without extension options) this is an error. So I change the cmd file, including the new directories for Athens12.1 in the zip file attached.

    Clean_IDE.zip

  11. Posted · Edited by DelphiUdIT

    Yes, and I tried it this time (I mean now). My apologize to don't advertise you in time, but in my system (with standard installation of Rad Studio, so in "c:\program files (x86)\....") and of course with admin priviledge the files indicated where not backuped ("cannot backup xxx" was the message, the rename did't work ???) ... the files were deleted.

     

    In the weekend I try to understand what was the problem.

     

    Another thing about this topic: in that "cmd files" some changes are needed cause new distribution of the files in Athens 12.1 (some bpl in bin64, new "MODERN" compiler, IOS simulator) . I already adjusted the file, but I should test it (and look for backup issue).

  15. Posted · Edited by DelphiUdIT

     

    Here some posts about that (read ALL).
     

    The referring page is: https://github.com/IndySockets/Indy/wiki/Updating-Indy

     

    Take care: by now, the Indy github version is not full compatible with Embarcadero distribution.

     

    I should change some things inside (in the posts are indicated, but still confusing ...  sorry for that).

     

    One for all: don't use the automatic procedure !!!😞

    After the changes of Indy "clear cmd" about some files that should not be deleted, in my system they are deleted instead ... use manual mode like I indicated in my posts.
     

    Unfortunately I am not familiar with github and so making a replica of the Indy repository with the necessary corrections is difficult for me. Furthermore it is necessary to copy and compile some sources provided by Embarcadero, which obviously I am not authorized to distribute and I can only indicate how to proceed.

    Some of these fixes are correctly rejected by the Indy team because they are only planned for the next release (11), and so those are not in the Github repo.

    Bye

     

    P.S.: with those actions you'll have the ability use of TLS1_3 and the OpenSSL library 3.1.4 (I use those) and OAuth2 (not tested by me).

    I'll try to create a repo and put all things inside with a readme.

  16. Posted · Edited by DelphiUdIT

    Hallo,

    i tried to update the standard distribution of Indy with the github version (ssl-oauth + PR), like for 12.0 version and all is working, also for LivePreview for FMX.

    The only exception is the package "Embarcadero RAD Server Edge Components" that which causes an AV closing the RAD STUDIO. By disabling this package (which I don't use) the problem does not arise.

     

    I recompile a bunch of working project with Indy and all is OK :classic_smile:

     

  20. Posted

    4 hours ago, Kas Ob. said:

    By default all DLLs should and must be ASLR compatible because by definition and form the beginning of Windows OS and its API, the DLL loading address can't be known before hand, and can't be fixed, yet for many years and many versions, Windows loaded specific DLLs to the same addresses.

    Like exe, the DLL have a field in the IMAGE_OPTIONAL_HEADER64 - DllCharacteristics that enable or not the ASLR. In effect lot of DLLs are not ALSR compatible (especially the old ones). And they should works whenever ASLR is ON or OFF.

    https://learn.microsoft.com/it-it/windows/win32/api/winnt/ns-winnt-image_optional_header64

    Security things a part of course.

     

    Some my customer more then 10 years ago explicity want the ASLR flags On and DEP too in my applications. And that works because some libraries that the customer forced me to use were not ALSR compatible (and neither was the application obviously :classic_laugh:). Some years ago also ASLR HE was imposed, and all worked well. For this I asked the full compatibility of ASLR (HE) of C++ DLL.

     

  21. Posted · Edited by DelphiUdIT

    38 minutes ago, Brandon Staggs said:

    I don't understand this but I would like to know what you are talking about. Link?

     

    At first glance it makes zero sense that randomizing the address layout would create any kind of problem for properly written code. 

     

    Obviously that was not the problem for the OP.

     

    In fact, ASLR seems like a great way to make badly written code break during testing rather than only rarely in production...

    I don't have links, the discussion was in one webinar where I post some questions about C++, one of them was about ASLR, since they introduce set on by default (I used them before that with the PEFLAG settings).

     

    And the answer was the they are not sure about use the ASLR with Delphi and a C++ DLL. I used them before, I used them now and I had only a little problem with third part library (ASLR HE cause AV).

     

    Of course, like @David Heffernan said these is only meaning that the code is not write in the correct way ... but if those is about the C++ base environment, you cannot do nothing about, only try to "stem" the problem.

     

    I don't want to create alarms. only report what it's said about that. But for sure if ASLR create problems, some parts of the code are bad written.

     

    Another point is that Windows does not impose (force) the use of ASLR by default and that the same ASLR exclusion options are present in the Delphi project. This means that it is absolutely known that incompatibilities with ASLR exist (perhaps with legacy software) and that the exclusion of this option, even if it is a last resort, is possible.

     

  23. Posted

    2 hours ago, David Heffernan said:

    This isn't the problem. The problem is in the incorrect header file translation. The project settings that you highlight should not be changed. They are just the reason why the code has been exposed as being incorrect. That exposure should be celebrated! It's very wrong headed to try to ignore such a mistake as you propose here. 

    I agree with you on what you say, the pointer problem is indeed a problem, and obviously needs to be solved.
    But the incompatibility with 64-level DLLs and ASLR is well known: at one of the webinars, following a direct question of mine on this very topic (we were talking about DLLs with C++ and Delphi), it was confirmed that full compatibility between 64-level DLLs and ASLR could not be guaranteed when developed with C++ (Embarcadero).
    We talked about this a few months ago.
    Whether the problem is with the C++ libraries (perhaps some still 32-bit pointers?) or something else has never been clarified.

    However, I correctly use 64-bit DLLs developed in C++ Embarcadero with ASLR and ASLR HE without any problems.

×