Freigeben über


Windows Vista Address Space Layout Randomization – What is Randomized?

A couple of people asked what “on by default” means with regards to ASLR in Windows Vista. The ‘default’ for ASLR in Windows Vista is:

 

• Stacks and Heap are randomized (stack-randomization is on post-Beta 2)

 

• EXEs and DLLs shipping as part of the operating system are randomized

 

• All other EXEs and DLLs will need to explicitly opt-in via a new PE header flag; by default they will not be randomized. 'Note that DLLs marked for randomization, such as system DLLs, will be randomized in every process (regardless of whether other binaries in that process have opted-in or not.

 

I’ll outline the last point in more detail in the next few days.

Comments

  • Anonymous
    June 06, 2006
    Are you saying that every DLL has to take the rebase perf hit?
  • Anonymous
    June 06, 2006
    Michael Howard outlines just what exactly Windows Vista's Address Space Layout Randomization actually...
  • Anonymous
    June 07, 2006
    I'm confused.

    There's a been a big hype about Vista's all-new "superfetch", which, as far as I understand, is able to cache/preload entire images of executables and DLL's.

    However, how does this work with ASLR? I mean, if the DLL base is always different, the fixups (all over the code sections) are always different, and the image cannot be superfetched, can it?

    Any thoughts?

    Thanks :-)
    Hugo
  • Anonymous
    June 07, 2006
    I hope "randomized in every process" doesn't mean that it's different for each process, since then memory wouldn't be shareable?
  • Anonymous
    June 07, 2006
    I'm confused.

    There's a been a big hype about Vista's all-new "superfetch", which, as far as I understand, is able to cache/preload entire images of executables and DLL's.

    However, how does this work with ASLR? I mean, if the DLL base is always different, the fixups (all over the code sections) are always different, and the image cannot be superfetched, can it?

    Any thoughts?

    Thanks :-)
    Hugo
  • Anonymous
    June 11, 2006
    PingBack from http://www.tuxedo-es.org/blog/2006/06/11/microsoft-windows-vista-measuring-the-security-enhancements-so-to-speak/
  • Anonymous
    June 12, 2006
    DLLs are relocated on reboot, so a DLL will be at a random location, and that location is fixed for all process unless the machine is rebooted.