Pages like http://my.safaribooksonline.com/9780735625303/759# and the Wikipedia article on ASLR describe a registry key setable in Windows to enable ASLR for all PEs. After reading those articles, some question are left 1. The article claims that FFFFFFFF equals -1, Regedit calculates it to be 4294967295 however. Of course, I can't just type -1 in a DWORD value edit box. So what exactly do I have to set it to? 2. Why is that absolutely non-documented by Microsoft? I've searched the net for whatever how long and found no MSDN or other official article, only some third parties writing about that. 3. Did anyone else successfully try that?

Hi, As far as I know, ASLR is enabled by default since Windows Vista. For more information, please refer to Address Space Layout Randomization in Windows Vista WS2008: Dynamic Link Library Loader and Address Space Load Randomization Hope this helps. Thanks. Nicholas Li - MSFT Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Sorry, that doesn't help. The default behaviour is application opt-in, meaning applications have to be compiled with a special switch to be more secure. I however want all my applications, even of those with lazy developers, being executed securely.