Starting from Vista all Windows versions implement a security mecanism called Address Space Layout Randomization (ASLR) that is seen when monitoring a process virtual memory with tools like VMMAP. Microsoft defines ASLR as:
ASLR moves executable images into random locations when a system boots, making it harder for exploit code to operate predictably. For a component to support ASLR, all components that it loads must also support ASLR. For example, if A.exe consumes B.dll and C.dll, all three must support ASLR. By default, Windows Vista and later will randomize system DLLs and EXEs, but DLLs and EXEs created by ISVs must opt in to support ASLR using the /DYNAMICBASE linker option.
Here is a sample screenshot showing ASLR loaded DLL:
You might also be interested in these
- Bourdieu’s Food Space Chart
- How does DHCP work?
- 15 Cool Firefox Tricks at LifeHack
- Haiti: Space Photo Shows Possible Landslide
- SendMeRSS: RSS feed by email