I noticed that Delphi programs (such as setups created with InnoSetup) can have ASLR enabled, but will show as having it disabled in Process Hacker.
In the main window, if you activate the ASLR column, it will show it as present for that Delphi program (IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE is set in the PE image). But if you look at the properties of the same process, it shows ASLR: Disabled.
I found out that this information in the property window is obtained through GetProcessMitigationPolicy(), which indeed returns 0 for this process.
What to do to the PE image to make it set the proper mitigation policies when the process is created? It seems VC++ does something magical that Delphi is missing, but what?