Enabling DEP and ASLR for your Delphi projects
If you’d like to enable DEP and ASLR for your Delphi projects, the good news is that it’s really, really easy with Delphi 2007 and newer.
Also, you definitely *should* enable both of these. If you want to know why, read this.
- DEP and ASLR are designed to increase an attacker’s exploit development costs and decrease their return on investment.
- The combination of DEP and ASLR is very effective at breaking the types of exploits we see in the wild today, but there are circumstances where they can both be bypassed.
- Exploits targeting Microsoft and third party vulnerabilities have been created that are capable of bypassing DEP and ASLR in the context of browsers and third party applications.
- We are currently not aware of any remote exploits that are capable of bypassing DEP and ASLR in the context of in-box Windows services and various other application domains.
- Knowledge of potential bypass techniques directly informs our future work to improve the robustness and resiliency of DEP, ASLR, and our other mitigation technologies.
Here’s how to enable DEP and ASLR for your Delphi projects:
The easiest way of enabling both ASLR and NX is to do this:
- Add the following to the project source file (.dpr or .dpk):
So, how do you verify that DEP and ASLR actually get set on your executable? The easiest way is to use a tool like Process Explorer (free):