XCShInfo.dll no ASLR
Moderators: TrackerSupp-Daniel, Tracker Support, Paul - Tracker Supp, Vasyl-Tracker Dev Team, Chris - Tracker Supp, Sean - Tracker, Ivan - Tracker Software, Tracker Supp-Stefan
XCShInfo.dll no ASLR
Title basically says it, the DLL which is apparently there for the shell extension functionality is loaded by other processes (because they use the standard Windows file picker dialog I guess?) so wouldn't it be smart if ASLR was enabled for it?
-
Tracker Supp-Stefan
- Site Admin
- Posts: 17941
- Joined: Mon Jan 12, 2009 8:07 am
- Location: London
- Contact:
Re: XCShInfo.dll no ASLR
Hello Ginfer,
Just to make sure we are on the right track, this is the ASLR you are talking about, right?
Best,
Stefan
Just to make sure we are on the right track, this is the ASLR you are talking about, right?
Best,
Stefan
-
Paul - Tracker Supp
- Site Admin
- Posts: 6901
- Joined: Wed Mar 25, 2009 10:37 pm
- Location: Chemainus, Canada
- Contact:
Re: XCShInfo.dll no ASLR
Hi Ginfer,
Because our products in the current version pre-date Vista we elected to not enable this when it became available. It will be in V3 of the Viewer because we have re-written the code.
I'm interested in knowing what you perceive as the benefits of enabling ASLR.
regards
Because our products in the current version pre-date Vista we elected to not enable this when it became available. It will be in V3 of the Viewer because we have re-written the code.
I'm interested in knowing what you perceive as the benefits of enabling ASLR.
regards
Best regards
Paul O'Rorke
Tracker Support North America
http://www.tracker-software.com
Paul O'Rorke
Tracker Support North America
http://www.tracker-software.com
Re: XCShInfo.dll no ASLR
In general or in this case (for a DLL)?Paul - Tracker Supp wrote:I'm interested in knowing what you perceive as the benefits of enabling ASLR.
For former please look at the wiki and elsewhere, it's surely better explained there than I ever could.
Concerning latter, not enabling ASLR for a DLL makes could make it easier to exploit applications that load this DLL, even when they themselves have ASLR enabled (which is BTW why some security-sensitive applications care about whether the DLLs they have loaded have ASLR enabled).
-
Tracker Supp-Stefan
- Site Admin
- Posts: 17941
- Joined: Mon Jan 12, 2009 8:07 am
- Location: London
- Contact:
Re: XCShInfo.dll no ASLR
Hello Ginfer,
I am pretty sure Paul was asking for the specific use with our .dlls
Thanks for your follow up and the article link.
As Paul noted - we are considering this for ver3 of our Viewer. The current one was created before Win Vista, so incorporating ASLR was not possible at design time, and it's not reasonable now with ver3 being so close to release.
Best,
Stefan
I am pretty sure Paul was asking for the specific use with our .dlls
Thanks for your follow up and the article link.
As Paul noted - we are considering this for ver3 of our Viewer. The current one was created before Win Vista, so incorporating ASLR was not possible at design time, and it's not reasonable now with ver3 being so close to release.
Best,
Stefan