Starting from Vista all Windows versions implement a security mecanism called Address Space Layout Randomization (ASLR) that is seen when monitoring a process virtual memory with tools like VMMAP. Microsoft defines ASLR as: 

ASLR moves executable images into random locations when a system boots, making it harder for exploit code to operate predictably. For a component to support ASLR, all components that it loads must also support ASLR. For example, if A.exe consumes B.dll and C.dll, all three must support ASLR. By default, Windows Vista and later will randomize system DLLs and EXEs, but DLLs and EXEs created by ISVs must opt in to support ASLR using the /DYNAMICBASE linker option.

 

Here is a sample screenshot showing ASLR loaded DLL: 

Share and Enjoy:These icons link to social bookmarking sites where readers can share and discover new web pages.
  • blinkbits
  • BlinkList
  • blogmarks
  • connotea
  • del.icio.us
  • De.lirio.us
  • digg
  • Furl
  • LinkaGoGo
  • Ma.gnolia
  • NewsVine
  • Reddit
  • Simpy
  • Spurl
  • YahooMyWeb

You might also be interested in these



No Responses to “What is Address Space Layout Randomization?”  

  1. No Comments

Leave a Reply