As far as I know 32bit Delphi desktop applications cannot be certified for Windows 8.1 due lack of SafeSEH via Can a desktop Delphi application be certified for Windows 8
But what about 64bit Delphi desktop applications? Can they pass other requirements, since they don't have to satisfy SafeSEH requirement?
Are there any compiler/linker settings that have to be set to specific values if the answer is yes, and what is minimum Delphi version needed (obviously at least XE2).
I am specifically considering section 3 of certification requirements.
3. Apps support Windows security features
The Windows operating system has many features that support system security and privacy. Apps must support these features to maintain the integrity of the operating system. Improperly compiled apps could cause buffer overruns that can, in turn, cause denial of service or allow malicious code execute.
3.1. Your app must not use AllowPartiallyTrustedCallersAttribute (APTCA) to ensure secure access to strong-named assemblies
3.2 Your app must be compiled using the /SafeSEH flag to ensure safe exceptions handling (32bit only)
3.3 Your app must be compiled using the /NXCOMPAT flag to prevent data execution
3.4 Your app must be compiled using the /DYNAMICBASE flag for address space layout randomization (ASLR)
3.5 Your app must not Read/Write the Shared PE Sections
The only requirement that is hard to meet with Delphi is /SafeSEH
. But that does not apply to 64 bit apps.
The Windows x64 ABI uses a completely different exception model from that used by x86.
The x86 exception model is stack based. The /SafeSEH
flag applies to stack based exceptions. The x64 ABI uses table based exceptions. And /SafeSEH
is simply not applicable. Which explains the 32 bit only text that you quoted.
So it's easy to meet 3.1 and 3.5. Don't do those things. And 3.3 and 3.4 are just PE flags that you can set using {$SetPEFlags}
. Then 3.2 does not apply and you are home.