I've heard that Windows ASLR is session-based: a DLL would be relocated only once in each session, and subsequent linking to the same DLL in the same session would reuse this cached relocation.
So I tried:
- Write a small program to print the address of a DLL
- Connect to the computer with RDP twice, each creating its own session (confirmed by query session)
- Call the program within different RDP sessions
What I expect:
- Different addresses observed, since I'm in different sessions.
What actually happens:
- The addresses are the same.
Why?
