ASLR (address space layout randomization) distributes the entry points of system code across memory so that they sit at unpredictable positions. This makes it difficult for malicious code to locate system functions. For example, when the computer is started today, wsock32.dll may be located in memory at 0x73200000, and tomorrow this location may be 0x779b0000.
DEP (Data Execution Prevention) is a series of software security checks that make use of the exception handling mechanism in Windows and stop code from executing out of data pages, which blocks malicious code.
However, these security features only take effect when developers build them into their applications. According to the Secunia report, many software applications do not support these security features, and developers do not make good use of them. At the time of the report, none of Java, Apple QuickTime, Foxit Reader, Google Picasa, OpenOffice.org, RealPlayer, or VLC media player was integrated with DEP or ASLR. Seen this way, there is a good reason why many malicious hackers attack applications rather than Windows itself: Windows fully utilizes the security features of DEP and ASLR. It is encouraging that, after the report was published, some vendors added support for these security options in recent patches, and some are working to improve the situation.
Many organizations do not adopt the Windows DEP or ASLR security features because of time and cost considerations. However, it is good advice to have enterprise developers learn how to combine these security controls with internal applications. If developers in the enterprise use Microsoft Visual Studio, enabling these two features is easy and the process is well documented. Many online resources describe how to integrate the security features with applications. The Visual C++ Team Blog covers how to set the linker options /DYNAMICBASE and /NXCOMPAT: /DYNAMICBASE modifies the header of the executable to indicate whether the operating system should randomly rebase the program at load time (ASLR), and /NXCOMPAT marks an executable as compatible with DEP. You can set both options explicitly in Visual Studio. The default setting is "enabled".
Windows Vista SP1, Windows XP SP3, and Windows Server 2008 add a new API, SetProcessDEPPolicy, which allows developers to set DEP at run time rather than through linker options. Microsoft's Michael Howard explains this in more detail in his blog, and the MSDN Library describes some programming considerations and application compatibility issues that you should also take into account when using these security controls.
ASLR and DEP are two security features that enterprises should integrate with their own applications. To this end, Microsoft provides a lot of information about how to integrate them. Even if the information is new to developers, it is not difficult. In addition, applications become more secure when these security features are combined.