Windows Vista Address Space Layout Randomization – What is Randomized?

A couple of people asked what “on by default” means with regard to ASLR in Windows Vista. The ‘default’ for ASLR in Windows Vista is:

• Stacks and heaps are randomized (stack randomization is on post-Beta 2)

• EXEs and DLLs shipping as part of the operating system are randomized

• All other EXEs and DLLs will need to explicitly opt in via a new PE header flag; by default they will not be randomized. Note that DLLs marked for randomization, such as system DLLs, will be randomized in every process (regardless of whether other binaries in that process have opted in or not).

I’ll outline the last point in more detail in the next few days.
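As an added example, not code from the original post: a small Python header reader that reports whether a PE file carries the opt-in bit the Vista loader checks (IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, 0x0040, which the MSVC linker sets with /DYNAMICBASE) and whether its relocations are still present, since an image with relocations stripped cannot be rebased even if it opted in. The sample image is constructed inline; the constants and offsets are standard PE layout, not values from the post.

```python
import struct
import sys

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # opt-in bit the Vista loader honours
IMAGE_FILE_RELOCS_STRIPPED = 0x0001              # no relocations: image cannot be moved

def aslr_status(image: bytes) -> dict:
    """Read the ASLR-relevant header bits from a PE image held in memory."""
    if image[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                     # 20-byte COFF file header
    characteristics = struct.unpack_from("<H", image, coff + 18)[0]
    opt = coff + 20                         # optional header follows the COFF header
    magic = struct.unpack_from("<H", image, opt)[0]
    if magic not in (0x10B, 0x20B):         # PE32 / PE32+
        raise ValueError("unexpected optional header magic 0x%x" % magic)
    # DllCharacteristics sits at offset 70 of the optional header in both formats
    dll_chars = struct.unpack_from("<H", image, opt + 70)[0]
    dynamic_base = bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE)
    relocs_stripped = bool(characteristics & IMAGE_FILE_RELOCS_STRIPPED)
    return {
        "dynamic_base": dynamic_base,
        "relocs_stripped": relocs_stripped,
        # opted in and still relocatable: only then can the loader pick a new base
        "aslr_eligible": dynamic_base and not relocs_stripped,
    }

def build_test_image(dll_characteristics: int, file_characteristics: int = 0) -> bytes:
    """Constructed minimal PE32 header (no sections), for offline testing only."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)              # e_lfanew: PE header at 0x40
    coff = struct.pack("<HHIIIHH", 0x014C, 0, 0, 0, 0, 96, file_characteristics)
    opt = bytearray(96)                                  # PE32 optional header, no data dirs
    struct.pack_into("<H", opt, 0, 0x10B)                # PE32 magic
    struct.pack_into("<H", opt, 70, dll_characteristics)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    # Audit real files named on the command line, e.g. the DLLs a process loads
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            print(path, aslr_status(f.read(0x1000)))
```

Running it over a directory of third-party DLLs shows at a glance which ones have opted in and which the loader will leave at their preferred base.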

Comments (7)

  1. Gabe says:

    Are you saying that every DLL has to take the rebase perf hit?

  2. The Insider says:

    Michael Howard outlines just what exactly Windows Vista’s Address Space Layout Randomization actually…

  3. Hugo says:

    I’m confused.

    There’s been a big hype about Vista’s all-new "superfetch", which, as far as I understand, is able to cache/preload entire images of executables and DLLs.

    However, how does this work with ASLR? I mean, if the DLL base is always different, the fixups (all over the code sections) are always different, and the image *cannot* be superfetched, can it?

    Any thoughts?

    Thanks 🙂

    Hugo

  4. AC says:

    I hope "randomized in every process" doesn’t mean that it’s different for each process, since then memory wouldn’t be shareable?

  6. DLLs are relocated on reboot, so a DLL will be at a random location, and that location is fixed for all processes unless the machine is rebooted.