
A DLL Protection Mechanism with Larger Random Entropy for Windows Vista

Abstract


In recent years, Address Space Layout Randomization (ASLR) has received increasing attention in diversity research. Continuing improvements to ASLR on Linux have lowered the probability of successfully attacking vulnerable machines. Windows also adopts ASLR, starting with Windows Vista and Windows Server 2008. We investigate the behavior of the ASLR implementation on Windows Vista. Windows Vista randomizes the base addresses of executables and DLLs (Dynamic Link Libraries) by choosing from a range of 256 (8-bit) values once per reboot. This entropy is much lower than that of PaX ASLR. Because ASLR on Linux has already been shown to be breakable, we became interested in whether the Windows Vista ASLR technique can likewise be broken by a brute-force attack. The earlier work broke PaX ASLR with a novel return-into-libc attack on an Apache HTTP Server; this attack only needs to guess a 16-bit offset rather than learn the addresses of both the library segment and the stack. The aim of this paper is therefore to prevent attackers from breaking ASLR on Windows Vista with a return-into-dlls attack analogous to that return-into-libc attack. To that end, we present a comprehensive system that provides (1) 13 bits of randomness in a preprocessing phase, and (2) an additional re-randomizing phase that relocates the entry point of each Win32 API after it is called. Experiments show that our system imposes no significant overhead on the whole program. Moreover, we explore how our system defeats classes of attacks that previous ASLR approaches cannot defend against. In conclusion, our security mechanism increases the effectiveness of randomization. Furthermore, since the Windows 7 kernel is based on the Windows Vista kernel, the same ASLR mechanism is present on Windows 7 and Windows 7 suffers from this problem as well; our design still works on Windows 7.
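As an added illustration (not part of the paper or its system), the following Python script models the brute-force cost the abstract is concerned with: it compares a layout that is fixed once per reboot (an attacker can enumerate the 2^bits candidates without repeating one) against a layout that is re-randomized after every call (each guess is independent), for the 8-bit, 13-bit and 16-bit entropies mentioned above. It assumes a uniform choice among candidates and that every attempt costs one guess; these are simplifying assumptions, not measurements from the paper.

```python
"""Brute-force cost model for the two randomization schemes in the abstract.

Constructed illustration, not the paper's code. A 'guess' is one attempt at
the randomized address. Scheme A (fixed per reboot): the layout does not
change between guesses, so the attacker enumerates N = 2**bits candidates
without repetition. Scheme B (re-randomized after every call): each guess is
independent, so previously tried values cannot be excluded.
"""
from fractions import Fraction


def candidates(bits: int) -> int:
    """Number of equally likely base-address choices for `bits` of entropy."""
    return 2 ** bits


def p_success_fixed(bits: int, guesses: int) -> Fraction:
    """Probability of hitting the layout within `guesses` tries when the
    layout is fixed (once per reboot): enumeration without replacement."""
    n = candidates(bits)
    return Fraction(min(guesses, n), n)


def p_success_rerandomized(bits: int, guesses: int) -> Fraction:
    """Same, when the layout is re-randomized after every attempt:
    each guess independently succeeds with probability 1/N."""
    n = candidates(bits)
    return 1 - Fraction(n - 1, n) ** guesses


def expected_guesses_fixed(bits: int) -> Fraction:
    """Expected tries when enumerating a fixed layout: (N + 1) / 2."""
    n = candidates(bits)
    return Fraction(n + 1, 2)


def expected_guesses_rerandomized(bits: int) -> int:
    """Expected tries under re-randomization: geometric with mean N."""
    return candidates(bits)


if __name__ == "__main__":
    # Compare the three entropies discussed in the abstract after 256 guesses.
    for bits in (8, 13, 16):
        print(f"{bits:2d} bits: N={candidates(bits):6d}  "
              f"E[fixed]={float(expected_guesses_fixed(bits)):8.1f}  "
              f"E[rerand]={expected_guesses_rerandomized(bits):6d}  "
              f"P256 fixed={float(p_success_fixed(bits, 256)):.4f}  "
              f"P256 rerand={float(p_success_rerandomized(bits, 256)):.4f}")
```

With 8 bits and a fixed layout, 256 guesses are guaranteed to succeed, whereas with re-randomization the same 256 guesses succeed only about 63% of the time and raising entropy to 13 bits drops the fixed-layout success rate for 256 guesses to 1/32.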

