Allow disabling of DEP/ASLR. DEP disabling needed for ISPack's isxdl.…

…dll.

Components/ScintStylerInnoSetup.pas

@@ -126,6 +126,7 @@   TInnoSetupStylerLineState = record
     ssAppVersion,
     ssArchitecturesAllowed,
     ssArchitecturesInstallIn64BitMode,
+    ssASLRCompatible,
     ssBackColor,
     ssBackColor2,
     ssBackColorDirection,
@@ -144,6 +145,7 @@   TInnoSetupStylerLineState = record
     ssDefaultUserInfoName,
     ssDefaultUserInfoOrg,
     ssDefaultUserInfoSerial,
+    ssDEPCompatible,
     ssDirExistsWarning,
     ssDisableDirPage,
     ssDisableFinishedPage,

Projects/Compile.pas

@@ -85,6 +85,7 @@   TParamValue = record
     ssAppVersion,
     ssArchitecturesAllowed,
     ssArchitecturesInstallIn64BitMode,
+    ssASLRCompatible,
     ssBackColor,
     ssBackColor2,
     ssBackColorDirection,
@@ -103,6 +104,7 @@   TParamValue = record
     ssDefaultUserInfoName,
     ssDefaultUserInfoOrg,
     ssDefaultUserInfoSerial,
+    ssDEPCompatible,
     ssDirExistsWarning,
     ssDisableDirPage,
     ssDisableFinishedPage,
@@ -365,7 +367,7 @@   TSetupCompiler = class
     SetupHeader: TSetupHeader;
 
     SetupDirectiveLines: array[TSetupSectionDirectives] of Integer;
-    UseSetupLdr, DiskSpanning, BackSolid, TerminalServicesAware: Boolean;
+    UseSetupLdr, DiskSpanning, BackSolid, TerminalServicesAware, DEPCompatible, ASLRCompatible: Boolean;
     DiskSliceSize, DiskClusterSize, SlicesPerDisk, ReserveBytes: Longint;
     LicenseFile, InfoBeforeFile, InfoAfterFile, WizardImageFile: String;
     WizardSmallImageFile: String;
@@ -825,7 +827,7 @@ function Is64BitPEImage(const Filename: String): Boolean;
 end;
 
 procedure UpdateSetupPEHeaderFields(const F: TCustomFile;
-  const IsTSAware: Boolean);
+  const IsTSAware, IsDEPCompatible, IsASLRCompatible: Boolean);
 const
   IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = $0040;
   IMAGE_DLLCHARACTERISTICS_NX_COMPAT = $0100;
@@ -866,14 +868,21 @@ procedure UpdateSetupPEHeaderFields(const F: TCustomFile;
         F.Seek(Ofs + OffsetOfDllCharacteristics);
         if F.Read(DllChars, SizeOf(DllChars)) = SizeOf(DllChars) then begin
           OrigDllChars := DllChars;
-          { Note: because we stripped relocations from Setup(Ldr).e32 during
-            compilation IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE won't actually
-            enable ASLR, but setting it anyway to make checkers happy. }
-          DllChars := DllChars or IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE or IMAGE_DLLCHARACTERISTICS_NX_COMPAT;
           if IsTSAware then
             DllChars := DllChars or IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
           else
             DllChars := DllChars and not IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE;
+          if IsDEPCompatible then
+            DllChars := DllChars or IMAGE_DLLCHARACTERISTICS_NX_COMPAT
+          else
+            DllChars := DllChars and not IMAGE_DLLCHARACTERISTICS_NX_COMPAT;
+          { Note: because we stripped relocations from Setup(Ldr).e32 during
+            compilation IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE won't actually
+            enable ASLR, but allow setting it anyway to make checkers happy. }
+          if IsASLRCompatible then
+            DllChars := DllChars or IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
+          else
+            DllChars := DllChars and not IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE;
           if DllChars <> OrigDllChars then begin
             F.Seek(Ofs + OffsetOfDllCharacteristics);
             F.WriteBuffer(DllChars, SizeOf(DllChars));
@@ -3660,6 +3669,9 @@ procedure TSetupCompiler.EnumSetup(const Line: PChar; const Ext: Integer);
     ssArchitecturesInstallIn64BitMode: begin
         SetupHeader.ArchitecturesInstallIn64BitMode := StrToArchitectures(Value, True);
       end;
+    ssASLRCompatible: begin
+        ASLRCompatible := StrToBool(Value);
+      end;
     ssBackColor: begin
         try
           SetupHeader.BackColor := StringToColor(Value);
@@ -3797,6 +3809,9 @@ procedure TSetupCompiler.EnumSetup(const Line: PChar; const Ext: Integer);
     ssDefaultUserInfoSerial: begin
         SetupHeader.DefaultUserInfoSerial := Value;
       end;
+    ssDEPCompatible: begin
+        DEPCompatible := StrToBool(Value);
+      end;
     ssDirExistsWarning: begin
         if CompareText(Value, 'auto') = 0 then
           SetupHeader.DirExistsWarning := ddAuto
@@ -8119,7 +8134,7 @@ procedure TSetupCompiler.Compile;
         ConvertFilename := E32Filename;
 
       M := TMemoryFile.Create(ConvertFilename);
-      UpdateSetupPEHeaderFields(M, TerminalServicesAware);
+      UpdateSetupPEHeaderFields(M, TerminalServicesAware, DEPCompatible, ASLRCompatible);
       if shSignedUninstaller in SetupHeader.Options then
         SignSetupE32(M);
     finally
@@ -8291,6 +8306,8 @@ procedure TSetupCompiler.Compile;
     CompressProps := TLZMACompressorProps.Create;
     UseSetupLdr := True;
     TerminalServicesAware := True;
+    DEPCompatible := True;
+    ASLRCompatible := True;
     DiskSliceSize := MaxDiskSliceSize;
     DiskClusterSize := 512;
     SlicesPerDisk := 1;
@@ -8809,7 +8826,7 @@ procedure TSetupCompiler.Compile;
           end;
           SetupFile := TFile.Create(ExeFilename, fdOpenExisting, faReadWrite, fsNone);
           try
-            UpdateSetupPEHeaderFields(SetupFile, TerminalServicesAware);
+            UpdateSetupPEHeaderFields(SetupFile, TerminalServicesAware, DEPCompatible, ASLRCompatible);
             SizeOfExe := SetupFile.Size.Lo;
           finally
             SetupFile.Free;

ishelp/isetup.xml

@@ -887,8 +887,10 @@ DefaultGroupName=My Program
 <heading>Compiler-related</heading>
 
 <ul appearance="compact">
+<li><link topic="setup_aslrcompatible">ASLRCompatible</link></li>
 <li><link topic="setup_compression">Compression</link></li>
 <li><link topic="setup_compressionthreads">CompressionThreads</link></li>
+<li><link topic="setup_depcompatible">DEPCompatible</link></li>
 <li><link topic="setup_diskclustersize">DiskClusterSize</link></li>
 <li><link topic="setup_diskslicesize">DiskSliceSize</link></li>
 <li><link topic="setup_diskspanning">DiskSpanning</link></li>
@@ -4854,6 +4856,22 @@ DiskSliceSize=1457664
 </body>
 </setuptopic>
 
+<setuptopic directive="DEPCompatible">
+<setupvalid><link topic="yesnonotes"><tt>yes</tt> or <tt>no</tt></link></setupvalid>
+<setupdefault><tt>yes</tt></setupdefault>
+<body>
+<p>Specifies whether the compiler should set the "NX Compatible" flag in the headers of the Setup and Uninstall programs to mark them compatible with data execution prevention (DEP). This feature is new to version 5.5.7 and defaults to <tt>yes</tt>; previous versions never set the flag.</p>
+</body>
+</setuptopic>
+
+<setuptopic directive="ASLRCompatible">
+<setupvalid><link topic="yesnonotes"><tt>yes</tt> or <tt>no</tt></link></setupvalid>
+<setupdefault><tt>yes</tt></setupdefault>
+<body>
+<p>Specifies whether the compiler should set the "Dynamic Base" flag in the headers of the Setup and Uninstall programs. This feature is new to version 5.5.7 and defaults to <tt>yes</tt>; previous versions never set the flag.</p>
+</body>
+</setuptopic>
+
 <setuptopic directive="SetupLogging">
 <keyword value="logging" />
 <keyword value="/LOG" />

whatsnew.htm

@@ -28,7 +28,12 @@
 
 <p><a name="5.5.7"></a><span class="ver">5.5.7 </span><span class="date">(2015-12-28)</span></p>
 <ul>
-<li><b>Change in default behavior:</b> As recommended by Microsoft's desktop applications guideline, <tt>DisableWelcomePage</tt> now defaults to <tt>yes</tt>. Additionally <tt>DisableDirPage</tt> and <tt>DisableProgramGroupPage</tt> now default to <tt>auto</tt>. The defaults in all previous versions were <tt>no</tt>.</li>
+<li><b>Change in default behavior:</b>
+<ul>
+  <li>As recommended by Microsoft's desktop applications guideline, <tt>DisableWelcomePage</tt> now defaults to <tt>yes</tt>. Additionally <tt>DisableDirPage</tt> and <tt>DisableProgramGroupPage</tt> now default to <tt>auto</tt>. The defaults in all previous versions were <tt>no</tt>.</li>
+  <li>The Setup and Uninstall programs are now marked as DEP and ASLR compatible. This can be disabled setting the new <tt>DEPCompatible</tt> and  <tt>ASLRCompatible</tt> [Setup] section directives to <tt>no</tt>. Doing this for DEP compatibility might be needed if you're using a buggy third-party DLL from [Code].</li>
+</ul>
+</li>
 <li>The Compiler IDE's New Script Wizard now offers to create a shortcut to the main executable in the common Start Menu Programs folder instead of creating a new Start Menu folder especially for the application. This option is enabled by default and is recommended by Microsoft unless you install a suite of applications rather than a single application.</li>
 <li>The <tt>WizardImageFile</tt> and <tt>WizardSmallImageFile</tt> [Setup] section directives now support 32 bit bitmap files with an alpha channel. Use the new <tt>WizardImageAlphaFormat</tt> [Setup] section directive to specify if the bitmap file has its red, green and blue channel values premultiplied with the alpha channel value or not. Contributed by <a href="https://github.com/shadow-cs" target="_blank">Honza Rame&scaron;</a> via <a href="https://github.com/jrsoftware" target="_blank">GitHub</a>.</li>
 <li>The <tt>WizardImageBackColor</tt> [Setup] section directive is now deprecated and ignored, just like the similar <tt>WizardSmallImageBackColor</tt> directive already was. Any unused space around the wizard image is now filled with the standard window color (usually white).</li>
@@ -42,7 +47,7 @@
   <li>Added new functions <tt>GetOpenFileNameMulti</tt> and <tt>SelectNewDisk</tt>.</li>
   <li>Added C# version of the MyDll.dll example DLL <a href="https://github.com/jrsoftware/issrc/blob/master/Examples/Mydll/C%23/Mydll.cs">showing</a> how to call .NET assemblies from [Code] without requiring COM or other DLLs. Uses <a href="https://sites.google.com/site/robertgiesecke/Home/uploads/unmanagedexports">Unmanaged Exports</a> by Robert Giesecke.</li>
 </ul>
-<li>The Setup and Uninstall programs are now marked as DEP and ASLR compatible.</li>
+</li>
 <li>Unicode [Code] based on RemObjects Pascal Script Git commit bfc1255636eb959f102d0279721b05ba85fbe7da.</li>
 <li>Minor tweaks.</li>
 </ul>
@@ -70,6 +75,7 @@
   <li>Added new command line parameter /Qp. Can be used to enable quiet compile while still displaying progress. Contributed by <a href="https://github.com/KngStr" target="_blank">KngStr</a> via <a href="https://github.com/jrsoftware" target="_blank">GitHub</a>.</li>
   <li>ISCC now automatically specifies any Sign Tools configured using the IDE, eliminating the need to specify these using the /S command line parameter. Also contributed by <a href="https://github.com/KngStr" target="_blank">KngStr</a> via <a href="https://github.com/jrsoftware" target="_blank">GitHub</a>.</li>
 </ul>
+</li>
 <li>Pascal Scripting changes:
 <ul>
   <li>Added new function <tt>CurrentSourceFileName</tt>, which returns the source file name of the [Files] entry that is currently being processed. The returned name may include constants. <i>Note:</i> Do not attempt to call this function from outside a Check, BeforeInstall or AfterInstall event function belonging to a [Files] entry with the <tt>external</tt> flag.</li>
@@ -99,6 +105,7 @@
   <li>Added new event function <tt>CurInstallProgressChanged</tt>, which you can use to monitor progress while Setup is extracting files, creating shortcuts, creating INI entries, and creating registry entries. See the help file and the <i>CodeExample1.iss</i> example script for more information. Contributed by <a href="https://github.com/tlama" target="_blank">TLama</a> via <a href="https://github.com/jrsoftware" target="_blank">GitHub</a>.</li>
   <li><tt>WizardForm.BeveledLabel</tt> visibility is now automatically handled even if its caption was set from [Code].</li>
 </ul>
+</li>
 <li>Unicode [Code] based on RemObjects Pascal Script Git commit 538905910852bcbeef646f26592a973d15d3d5ec.</li>
 <li>Minor tweaks.</li>
 </ul>