
Testing ASLR in Delphi with a blank VCL project on Windows 10.

In the VCL project file I added:

{$SETPEOPTFLAGS $140} //Set ASLR and DEP

When “Link with runtime packages” is false, Process Explorer lists Address Space Layout Randomization as “Enabled (permanent)Disabled”. When “Link with runtime packages” is true, Process Explorer lists Address Space Layout Randomization as “Bottom-Up”.

I tested with my app as 32 and 64-bit as well as 32 and 64-bit Process Explorer. Same answers from both Process Explorers.

What’s the difference between “Enabled (permanent)Disabled” and “Bottom-Up” and why is this affected by runtime packages?

DelphiGuy
  • Did you verify that the optional flags are set correctly for the generated PE? Studying the effects in Process Explorer is kind of the next step. – Free Consulting Mar 29 '17 at 19:14
  • Yes, the optional flags are being set in the dll characteristics part of the PE header. Thanks. – DelphiGuy Mar 29 '17 at 22:12
  • This is not really a Delphi question, it's more of a Windows question. You'd be better off asking it in pure winapi tag. Packages are just DLLs. You should see the same behaviour with a C++ program built in VS that uses load time linking to DLLs. Presumably the PE flags of the linked DLLs are inspected by the loader at process initialization, and that determines the outcome. – David Heffernan Mar 30 '17 at 08:31
  • Thanks. I don't have VS, but wonder if VS experiences the same outcome where using load time linking is required to show ASLR is being used (in my case "Bottom-Up"). I'm sort of stuck on the phrase "Enabled (permanent)Disabled". It sounds like a contrasting phrase. I'll change the PE headers of the bpl's loaded and re-test without runtime packages. Thanks again. – DelphiGuy Mar 30 '17 at 15:27
  • Ignore the above. I hit enter accidentally. ---- In Full ---- Additional info - Compiled a blank VCL program with no ASLR settings. 32-bit - it's listed as "Disabled (permanent), Disabled". 64-bit - the blank program is listed as "Enabled (permanent), Disabled". It appears that the 1st Disabled/Enabled (permanent) in the ASLR Process Explorer description means the OS setting. The second Disabled/Enabled is the program setting. In 64-bit, with "Enabled (permanent), Disabled", the exe is always at the same base address, but the DLL addresses are using ASLR. – DelphiGuy Apr 03 '17 at 22:43
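
One way to check the header bits that `{$SETPEOPTFLAGS $140}` is meant to set before interpreting Process Explorer's ASLR column, as the first comment suggests. This is an added example, not code from the question or its comments: `pe_mitigations` and `build_sample` are hypothetical names, the sample bytes are constructed headers rather than a real Delphi build, and the relocation-stripped check goes slightly beyond the flags discussed above.

```python
import struct

# DllCharacteristics bits from the PE/COFF specification.
HIGH_ENTROPY_VA = 0x0020   # 64-bit high-entropy ASLR
DYNAMIC_BASE = 0x0040      # image opts in to ASLR
NX_COMPAT = 0x0100         # image opts in to DEP
# COFF Characteristics bit: relocation data was stripped, so the loader
# cannot move the image even when DYNAMIC_BASE is set.
RELOCS_STRIPPED = 0x0001

def pe_mitigations(data: bytes) -> dict:
    """Return the ASLR/DEP-related header flags of a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                      # 20-byte COFF file header
    (characteristics,) = struct.unpack_from("<H", data, coff + 18)
    opt = coff + 20                          # optional header follows it
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    # DllCharacteristics is at offset 70 in both PE32 and PE32+ headers.
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    return {
        "bits": 64 if magic == 0x20B else 32,
        "dynamic_base": bool(dll_chars & DYNAMIC_BASE),
        "nx_compat": bool(dll_chars & NX_COMPAT),
        "high_entropy_va": bool(dll_chars & HIGH_ENTROPY_VA),
        "relocs_stripped": bool(characteristics & RELOCS_STRIPPED),
    }

def build_sample(magic: int, dll_chars: int, characteristics: int = 0x0102) -> bytes:
    """Constructed header-only image for the demo (not a loadable executable)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)        # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 96, characteristics)
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 70, dll_chars)
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    # With $140 set versus a build with no flags (both constructed samples).
    print(pe_mitigations(build_sample(0x10B, 0x140)))
    print(pe_mitigations(build_sample(0x20B, 0x000)))
```

To inspect a real build, pass the file's bytes instead of a constructed sample, for example `pe_mitigations(open(path, "rb").read())`, and run it over the EXE and each loaded BPL/DLL separately.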

0 Answers