Enabling ASLR globally, need clarification
Pages like http://my.safaribooksonline.com/9780735625303/759# and the Wikipedia article on ASLR describe a registry key setable in Windows to enable ASLR for
all PEs. After reading those articles, some question are left
1. The article claims that FFFFFFFF equals -1, Regedit calculates it to be 4294967295 however. Of course, I can't just type -1 in a DWORD value edit box. So what exactly do I have to set it to?
2. Why is that absolutely non-documented by Microsoft? I've searched the net for whatever how long and found no MSDN or other official article, only some third parties writing about that.
3. Did anyone else successfully try that?
October 19th, 2010 6:37am
Hi,
As far as I know, ASLR is enabled by default since Windows Vista. For more information, please refer to
Address Space Layout Randomization in Windows Vista
WS2008: Dynamic
Link Library Loader and Address Space Load Randomization
Hope this helps.
Thanks.
Nicholas Li - MSFT
Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
Free Windows Admin Tool Kit Click here and download it now
October 22nd, 2010 1:39am
Sorry, that doesn't help. The default behaviour is application opt-in, meaning applications have to be compiled with a special switch to be more secure. I however want all my applications, even of those with lazy developers, being executed securely.
October 22nd, 2010 3:29am