Address Space Layout Randomization (ASLR) not enabled.
The following OPC binaries do not have ASLR enabled when allocating dynamic memory.
- opccomn_ps.dll (version: 220.127.116.11)
- opcproxy.dll (Version: 18.104.22.168)
I would like to know whether which version of above dll are having "ASLR" enable option and from where I can get it. Could anyone give opinion on it.
Randy Armstrong said
The DLLs may predate that feature in the C++ compilers and it is likely not a good idea to turn it on because those DLLs are shared by many different applications and changes like that could break something.
Thank you so much for the information. I would like to get the latest source code of the two binaries (opccomn_ps.dll, opcproxy.dll). Could you please provide link or reference from where I can get the source code downloaded.
I suggest you do some testing after enabling system wide mandatory ASLR on Windows 8 or later:
It can be used with DLLs that have not enabled ASLR and should give you "better than nothing" protection when you control the specific systems that are being used.
There are no plans to make any changes to proxy/stubs because they are used by thousands of applications that are not maintained anymore and could break if ASLR is enabled in the proxy/stubs. The link above indicates that Microsoft has limited the effectiveness of the mandatory ASLR specifically because of the risk of creating problems with legacy applications.
All code is here:
Only available to Corporate Members.