Windows Vista Address Space Layout Randomization – What is Randomized?

A couple of people asked what “on by default” means with regard to ASLR in Windows Vista. The ‘default’ for ASLR in Windows Vista is:

• Stacks and Heap are randomized (stack-randomization is on post-Beta 2)

• EXEs and DLLs shipping as part of the operating system are randomized

• All other EXEs and DLLs will need to explicitly opt in via a new PE header flag; by default they will not be randomized. Note that DLLs marked for randomization, such as system DLLs, will be randomized in every process (regardless of whether other binaries in that process have opted in or not).

I’ll outline the last point in more detail in the next few days.
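
The opt-in in the last bullet can be audited per binary. The following is an added example, not code from the original post: it reads the PE optional header and tests the `IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` bit (0x0040), which the linker's `/DYNAMICBASE` option sets. The post does not name the flag; the helper names `aslr_status` and `build_sample` are hypothetical, and the sample header is constructed.

```python
import struct

# Constants from the PE/COFF format (winnt.h); the post only says "a new PE header flag".
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040  # set by the linker's /DYNAMICBASE
IMAGE_FILE_RELOCS_STRIPPED = 0x0001             # no relocation data: image cannot be rebased
DLLCHARACTERISTICS_OFFSET = 70                  # same offset in PE32 and PE32+ optional headers


def aslr_status(image: bytes) -> dict:
    """Report whether a PE image opts in to ASLR; raise ValueError if malformed."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)  # e_lfanew
    if pe_off + 24 > len(image) or image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # SizeOfOptionalHeader and Characteristics close the 20-byte COFF header.
    opt_size, file_chars = struct.unpack_from("<HH", image, pe_off + 20)
    opt_off = pe_off + 24
    if opt_size < DLLCHARACTERISTICS_OFFSET + 2 or opt_off + opt_size > len(image):
        raise ValueError("optional header too short")
    (magic,) = struct.unpack_from("<H", image, opt_off)
    if magic not in (0x10B, 0x20B):  # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    (dll_chars,) = struct.unpack_from("<H", image, opt_off + DLLCHARACTERISTICS_OFFSET)
    return {
        "opted_in": bool(dll_chars & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE),
        "relocs_stripped": bool(file_chars & IMAGE_FILE_RELOCS_STRIPPED),
    }


def build_sample(dll_chars: int, file_chars: int = 0x0102) -> bytes:
    """Constructed minimal PE32 headers for the demo (not a loadable image)."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x014C, 0, 0, 0, 0, 96, file_chars)
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, DLLCHARACTERISTICS_OFFSET, dll_chars)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    import sys
    print("constructed, flag set:  ", aslr_status(build_sample(0x0040)))
    print("constructed, flag clear:", aslr_status(build_sample(0x0000)))
    for path in sys.argv[1:]:  # optionally audit real binaries passed as arguments
        with open(path, "rb") as f:
            print(path, aslr_status(f.read()))
```

An image that sets the flag but has `relocs_stripped` true carries no relocation data, so treat that combination as a finding when auditing third-party binaries.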