Is ASLR (Address Space Layout Randomisation) enabled throughout the Service Desk Manager product?
Note: ASLR is a mechanism which protects against memory buffer overflow attacks by randomizing the base memory address where executable code, libraries and stacks are loaded. For more information, links to information that is available from the internet at the time of the publishing of this article are listed in the Additional Information section.
Release : 14.1, 17.1, 17.2
Component : SERVICE DESK MANAGER
ASLR is enabled in the supported versions of CA SDM.
Details: The Service Desk Manager engineering/development team uses Visual Studio 2010 for all SDM versions. During the build process, /DYNAMICBASE:NO is not explicitly set, which means that the default setting applies, which is that ASLR is enabled. This applies to all EXE and DLLs that are built.
1. Clarifying the behavior of mandatory ASLR :
https://blogs.technet.microsoft.com/srd/2017/11/21/clarifying-the-behavior-of-mandatory-aslr/
2. /DYNAMICBASE (Use address space layout randomization) :
https://docs.microsoft.com/en-us/cpp/build/reference/dynamicbase-use-address-space-layout-randomization?view=vs-2019
3.Software defense: mitigating common exploitation techniques
https://blogs.technet.microsoft.com/srd/2013/12/11/software-defense-mitigating-common-exploitation-techniques/
4. How do I determine if an EXE (or DLL) participate in ASLR, i.e. is relocatable?
https://stackoverflow.com/questions/39189477/how-do-i-determine-if-an-exe-or-dll-participate-in-aslr-i-e-is-relocatable/39216123