Forcing SEHOP? Is it possible?

Discussion in 'other software & services' started by Hungry Man, Oct 18, 2011.

Thread Status:
Not open for further replies.
  1. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I'm wondering if there's any way to force SEHOP as a system wide setting. I know ASLR would crash the computer (for me anyways) but I'm curious about SEHOP.
     
  2. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    you should have a look at Enhanced Mitigation Experience Toolkit. its a free download from microsoft designed to help prevent exploits by helping to enable certain technologies including Sehop and ASLR. you can exclude an application if it doesnt work and djust the settings for that app until it works again.
     
  3. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,248
    Location:
    Chaotic Land
    Hungry knows about EMET and uses it. I think he is asking is it possible thru EMET or with a registry setting or something.
     
  4. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Through any means really. EMET only allows for Opt Out at best.
     
  5. JimboW

    JimboW Registered Member

    Joined:
    Oct 22, 2010
    Posts:
    209
    I think you can only have opt out. You can enable it here HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\kernel\DisableExceptionChainValidation. A setting of 0 enables it but I'm pretty sure it just does the same as EMET (opt out).
     
  6. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Yeah it's the same as EMET. I've seen one person with EMET have Always On though. I don't know if it was functional... but they didn't know how they got it that way.
     
  7. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,248
    Location:
    Chaotic Land
    Thats what I was saying Hungry
     
  8. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Yup, I was agreeing.
     
  9. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,709
    I believe the "Always On" option is only available to Vista users. For Windows 7 users, the "Opt Out" option is pretty much a system wide setting similar to the "Always On" option in Vista; the exception or difference mainly being that with Windows 7, you can now disable SEHOP on a per-process basis:

    Source: SEHOP per-process opt-in support in Windows 7

    So, basically as long as there is no IFEO that is set to 1 for any program in the registry (open up regedit.exe and check it for yourself;) ), you do not have to "force SEHOP" any further:p
     
  10. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Yeah, the guy was on vista.

    Thank you.
     
Loading...
Thread Status:
Not open for further replies.