5

Even a minimal console Delphi program that has IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE set in its PE image does not use ASLR.

GetProcessMitigationPolicy() returns a PROCESS_MITIGATION_ASLR_POLICY of 0.

Consequently ProcessHacker (which uses this function) reports the process for this Delphi program to have ASLR disabled -- go into the process details window of ProcessHacker to see the ASLR status.

I can provide a minimal compiled Delphi program if that helps. I haven't been able to find out why ASLR is not activated.

Any ideas?

Edit: Relocation information is part of the executable. After even more debugging I found out that Delphi's delay loading code for functions imported from DLLs is the culprit. I'll make the question more precise when I have more information or a solution.

Edit2: I posted the executables as attachment in the following forum, since I found no way to attach anything here: http://wj32.org/processhacker/forums/viewtopic.php?p=6887#p6887

musings

1 Answer

1

I've had the same problem for a long time and have done a lot of investigation into this matter. In older Delphi compilers this problem doesn't exist, and as you mentioned it is due to some APIs being converted to delay-loaded import functions.

A while ago I reported this issue to Embarcadero and it seems they are working on it (https://blog.marcocantu.com/blog/rad111_pe_security.html). They provided a solution for now and are willing to fix it in the near future (I hope the next release).

Vahid Nasehi
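When triaging a binary like the one in this thread, it helps to separate what the PE header declares from what GetProcessMitigationPolicy() reports at runtime. The following is an added example, not code from either poster, Delphi or Process Hacker: it reads the DYNAMIC_BASE flag, the relocation directory and the delay-import directory named in the question and answer; `aslr_header_facts` and `build_sample` are hypothetical names and the sample header is constructed.

```python
import struct
import sys

DYNAMIC_BASE = 0x0040      # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
RELOCS_STRIPPED = 0x0001   # IMAGE_FILE_RELOCS_STRIPPED
DIR_BASERELOC, DIR_DELAY_IMPORT = 5, 13   # data directory indexes

def aslr_header_facts(image: bytes) -> dict:
    """Return the static PE header fields that bear on ASLR opt-in."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("not an MZ image")
    pe = struct.unpack_from("<I", image, 0x3C)[0]          # e_lfanew
    if image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    file_chars = struct.unpack_from("<H", image, pe + 22)[0]
    opt = pe + 24                                          # optional header start
    magic = struct.unpack_from("<H", image, opt)[0]
    if magic not in (0x10B, 0x20B):                        # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    dll_chars = struct.unpack_from("<H", image, opt + 70)[0]
    dirs = opt + (96 if magic == 0x10B else 112)           # data directory array
    count = struct.unpack_from("<I", image, dirs - 4)[0]   # NumberOfRvaAndSizes

    def dir_size(index):
        if index >= count:
            return 0
        return struct.unpack_from("<II", image, dirs + 8 * index)[1]

    return {
        "dynamic_base": bool(dll_chars & DYNAMIC_BASE),
        "relocs_stripped": bool(file_chars & RELOCS_STRIPPED),
        "has_reloc_dir": dir_size(DIR_BASERELOC) > 0,
        "has_delay_imports": dir_size(DIR_DELAY_IMPORT) > 0,
    }

def build_sample(dll_chars: int, delay_import: bool = False) -> bytes:
    """Constructed PE32 header stub for the demo (headers only, not loadable)."""
    opt = bytearray(96 + 16 * 8)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<H", opt, 70, dll_chars)
    struct.pack_into("<I", opt, 92, 16)
    struct.pack_into("<II", opt, 96 + 8 * DIR_BASERELOC, 0x3000, 0x200)
    if delay_import:
        struct.pack_into("<II", opt, 96 + 8 * DIR_DELAY_IMPORT, 0x4000, 0x40)
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, len(opt), 0x0102)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample(0x0140, True)
    print(aslr_header_facts(data))
```

These are header facts only; whether the loader actually randomized the image still has to be read from the running process, as Process Hacker does.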