Windows Media Player ASLR compatibility

  • Question

  • If I use EMET's Force ASLR on Windows Media Player even though it has an interop, will the ASLR be forced?

    How can I make sure that it is forced?

    Thanks,



    • Edited by Gadi Tech Thursday, March 21, 2013 3:07 PM
    Thursday, March 21, 2013 3:07 PM

All replies

  • Hi Gadi Tech,

    There is a known compatibility issue with Mandatory ASLR for Windows Media Player. This is mentioned on page 14 of the EMET 3.0 User’s guide (this guide can be found in the EMET installation folder). In addition, the All.xml deployment profile includes the following:

    <Product Name="Windows Media player">
      <Version Path="*\Windows Media Player\wmplayer.exe">
        <Mitigation Name="MandatoryASLR" Enabled="false" />
      </Version>
    </Product>

    If however you wish to enable Mandatory ASLR for Windows Media Player you can do so as follows:

    For Windows XP:

    Open EMET as follows:

    1. Press the Start button. Click All Programs and navigate to the following folder, Enhanced Mitigation Experience Toolkit. Finally click the EMET 3.0 icon.

    -----------------------------------------------------------

    For Windows Vista and Windows 7:

    1. Press the Start button. Click All Programs and navigate to the following folder, Enhanced Mitigation Experience Toolkit. Finally click the EMET 3.0 icon.

    2. Click Yes or enter your administrator password to continue if UAC (User Account Control) is enabled.

    -----------------------------------------------------------

    For Windows 8:

    1. Press the Windows key to display the Windows Start screen. Type the letters “emet” (without the quotes).

    2. The gray EMET lock icon should appear on the left side of the screen. Click this icon. Click Yes or enter your administrator password to continue if UAC (User Account Control) is enabled.

    -----------------------------------------------------------

    When the EMET application is open, click Configure Apps.

    Direct Link To Image:

    http://i742.photobucket.com/albums/xx69/Jimboc/Microsoft/EMETConfigureAppsStep.png

    Check if wmplayer.exe is already on the list of applications. If it is (if not, please see the instructions below), ensure that the MandatoryASLR check box is enabled (checked/ticked).

    Please note that for Windows 8 32 bit, there is a known compatibility issue with SEHOP and Windows Media Player. You may need to disable SEHOP for Windows Media Player by un-ticking the SEHOP box. Media Player will not launch if you encounter this issue.

    -----------------------------------------------------------

    If you are using a 64 bit version of Windows, you should add the 64 bit and 32 bit versions of Windows Media Player to EMET.

    Click the Add button and navigate to the following folders and add wmplayer.exe to the list of protected applications. Please find below a screenshot of my Windows 7 64 bit settings, showing both 32 and 64 bit versions of Windows Media Player.

    Direct Link To Image:

    http://i742.photobucket.com/albums/xx69/Jimboc/Microsoft/EMET_Add_Application.png

    64 bit Windows:

    C:\Program Files (x86)\Windows Media Player

    C:\Program Files\Windows Media Player

    32 bit Windows:

    C:\Program Files\Windows Media Player

    Please ensure that the MandatoryASLR check box is enabled (checked/ticked) in all cases. If you experience any issues, you may need to disable MandatoryASLR.

    One of the main advantages of EMET is that it can apply maximum protection to programs while having the flexibility to not cause incompatibilities. When incompatibilities are found, the mitigations that are causing issues can simply be disabled.

    If you experience any compatibility issues with the above settings or have any other questions, please re-post in this thread and one of the forum members or myself will be happy to assist you.

    I hope this helps. Thank you.

    -----------------------------------------------------------

    Alternatively you can add Windows Media Player to the list of protected applications using the Command Line as follows:

    For Windows XP:

    Open a Windows Command Prompt window as follows:

    1. Press the Start button and click Run

    2. Type cmd in the dialog box that appears and click OK (or press Enter).

    Please note that the double quotes " " are to be included in the command below that you type. Type the following commands, pressing the Enter key at the end of each line.

    cd\
    cd Program Files
    cd EMET
    EMET_Conf.exe --set "*\wmplayer.exe"

    -----------------------------------------------------------

    For Windows Vista and Windows 7:

    1. Press Start, type cmd in the search box of the Windows start menu.

    2. A black icon with the word cmd beside it will appear at the top of the Start menu.

    3. Right click this icon and choose "Run As Administrator" from the menu that appears. Click Yes or enter your administrator password to continue if UAC (User Account Control) is enabled.

    Please note that the double quotes " " are to be included in the command below that you type. Type the following commands, pressing the Enter key at the end of each line.

    -----------------------------------------------------------

    32 bit Windows:

    cd\
    cd Program Files
    cd EMET
    EMET_Conf.exe --set "*\wmplayer.exe"

    -----------------------------------------------------------

    64 bit Windows:

    cd\
    cd Program Files (x86)
    cd EMET
    EMET_Conf.exe --set "*\wmplayer.exe"

    -----------------------------------------------------------

    For Windows 8:

    1. Press the Windows key to display the Windows Start screen. Type the letters “cmd” (without the quotes).

    2. A black icon with the words Command Prompt will appear on the left side of the screen. Right click this icon and then left click the "Run As Administrator" option that appears at the bottom of the screen. Click Yes or enter your administrator password to continue if UAC (User Account Control) is enabled.

    Please note that the double quotes " " are to be included in the command below that you type. Type the following commands, pressing the Enter key at the end of each line:

    32 bit Windows:

    cd\
    cd Program Files
    cd EMET
    EMET_Conf.exe --set "*\wmplayer.exe" -SEHOP

    -----------------------------------------------------------

    64 bit Windows:

    cd\
    cd Program Files (x86)
    cd EMET
    EMET_Conf.exe --set "*\wmplayer.exe"

    -----------------------------------------------------------

    If you experience any issues with Windows Media Player, please run the following command:

    Navigate to the EMET folder as shown above, then type the following:

    EMET_Conf.exe --set "*\wmplayer.exe" -SEHOP -MandatoryASLR
    • Edited by JamesC_836 Friday, March 22, 2013 10:58 AM Re-formatted code blocks
    Thursday, March 21, 2013 8:38 PM
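
An added example, not part of the original reply and not EMET's own tooling: a PowerShell check that reads a deployment profile in the Product/Version/Mitigation layout quoted in the reply and lists which mitigations it switches off for given executable paths. The `<EMET>` root element, the function name `Get-DisabledMitigation` and the `D:\Portable` path are assumptions made for illustration.

```powershell
# Constructed sample: the <Product> fragment quoted in the reply, wrapped in an
# assumed <EMET> root element so that it parses as a standalone document.
$sampleProfile = @'
<EMET>
  <Product Name="Windows Media player">
    <Version Path="*\Windows Media Player\wmplayer.exe">
      <Mitigation Name="MandatoryASLR" Enabled="false" />
    </Version>
  </Product>
</EMET>
'@

function Get-DisabledMitigation {
    # Hypothetical helper: lists every mitigation the profile switches off
    # for each executable path that matches a <Version Path="..."> pattern.
    param(
        [Parameter(Mandatory = $true)] [string]   $ProfileXml,
        [Parameter(Mandatory = $true)] [string[]] $ExecutablePath
    )
    $doc = [xml]$ProfileXml
    foreach ($exe in $ExecutablePath) {
        foreach ($version in $doc.SelectNodes('//Version')) {
            $pattern = $version.GetAttribute('Path')
            # Treat * as the only wildcard; every other character is literal.
            $regex = '^' + [regex]::Escape($pattern).Replace('\*', '.*') + '$'
            if ($exe -notmatch $regex) { continue }
            foreach ($m in $version.SelectNodes('Mitigation[@Enabled="false"]')) {
                [pscustomobject]@{
                    Executable = $exe
                    Product    = $version.ParentNode.GetAttribute('Name')
                    Mitigation = $m.GetAttribute('Name')
                }
            }
        }
    }
}

# The two install locations named in the reply, plus a constructed path
# that the profile pattern does not cover.
$paths = @(
    'C:\Program Files (x86)\Windows Media Player\wmplayer.exe',
    'C:\Program Files\Windows Media Player\wmplayer.exe',
    'D:\Portable\wmplayer.exe'
)
Get-DisabledMitigation -ProfileXml $sampleProfile -ExecutablePath $paths |
    Format-Table -AutoSize
```

A path that produces no row, such as the constructed `D:\Portable` one, is not covered by any opt-out in the profile that was parsed.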