views:

220

answers:

1

I'm writing my program in VS2010 and the build target is .NET 4. I believe that the DEP compatibility flag is on by default. Is that true?

Is .NET also compatible by default with ASLR, and is ASLR turned on by default for my process, or do I have to request it at runtime?

+4  A: 

Yes, the NXCOMPAT flag is turned on by the standard .NET language compilers since .NET 2.0 SP1.

ASLR is essentially automatic in .NET programs by virtue of the JIT compiler. Where it will place the JIT compiled machine code is unpredictable. Albeit that it will likely be repeatable on the exact same machine with the exact same revision number of the CLR and the exact same flow of the startup code and the exact same DLLs getting injected into the process. Not easily targetable by malware though. The ngen-ed .NET assemblies don't support ASLR afaik.

ASLR protects against known unpatchable security flaws. The security flaw has to exist first, uncommon in verifiable code.

Hans Passant
By "ngen-ed", do you mean compiling to x86/x64 instead of "Any CPU"?
Scott Whitlock
No, I mean the ngen.exe tool. http://msdn.microsoft.com/en-us/library/6t9t5wcf%28VS.90%29.aspx
Hans Passant