
According to the description of ASLR (Address Space Layout Randomization), it provides random stack and heap allocations and page loads every time a process starts, and randomizes the addresses where objects are placed in the virtual space of a given process.

But in my application running on iOS, I create an object named ObjectA. After reloading the process several times, I found that the address of ObjectA is always the same, with no randomization.

How does Apple's own ASLR implementation work? Why is ObjectA's address always the same?

timestee

2 Answers


What do you mean by "several reloads"? You should explicitly quit the application; because of multitasking you might be reopening the same process.

e.g. This is one of my applications printing out the address of a UIViewController instance; as you can see, the address of the object is different in every execution.

First run: <DCViewController: 0x13d4a0>
Second run: <DCViewController: 0x2880f0>
Third run: <DCViewController: 0x2a2050>

(I do not think this is the case, but in Xcode there's an option to enable PIE (Position Independent Executable) under "Build Settings" called "Don't Create Position Independent Executables"; you can find it easily by typing "pie" in the search box. This option should be set to No.)

EDIT:

Moreover, Xcode will only make PIE binaries if the deployment target is >= 4.3.

Hope this helps =)

GreyHands
  • When I call `malloc` to allocate some memory like: int* pIntArray = (int*) malloc (10*sizeof(int)); after testing, it turns out the address that `pIntArray` points to changed every time the process restarted. But in the TEST mentioned above, the address of ObjectA was the same every time, and I did quit the application and change the option "Don't Create Position Independent Executables". – timestee Apr 15 '12 at 06:36
  • re: your edit, I set "Don't Create Position Independent Executables" to "YES" and it compiled a non-pie app (Xcode 4.5.2) for my target 5.0 app. – Ben Flynn May 09 '13 at 23:00
  • Also according to the paper linked by noloader, the heap was randomized without PIE, so the address of your VC is not a good example. – Ben Flynn May 09 '13 at 23:05
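As an added example (not code from any of the posters), a small C probe that records one address per region; build it once as PIE and once as non-PIE, run each twice, and feed the two samples to aslr_compare to see which regions ASLR actually moved. The names aslr_sample, aslr_probe and aslr_compare are my own.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* One sample of addresses, one per region of interest (names are mine). */
typedef struct {
    uintptr_t text;   /* a function in the main executable */
    uintptr_t data;   /* a global variable in the main executable */
    uintptr_t heap;   /* a block returned by malloc */
    uintptr_t stack;  /* a local variable */
    uintptr_t lib;    /* a function in a shared library (libc's malloc) */
} aslr_sample;

enum { R_TEXT = 1, R_DATA = 2, R_HEAP = 4, R_STACK = 8, R_LIB = 16 };

static int g_counter;  /* lives in the executable's data segment */

/* Record the addresses of the current process; nothing is dereferenced. */
aslr_sample aslr_probe(void) {
    aslr_sample s;
    int local = 0;
    void *block = malloc(64);
    s.text  = (uintptr_t)&aslr_probe;
    s.data  = (uintptr_t)&g_counter;
    s.heap  = (uintptr_t)block;
    s.stack = (uintptr_t)&local;
    s.lib   = (uintptr_t)&malloc;
    free(block);
    return s;
}

/* Bitmask of regions whose address differs between two runs.
 * Without PIE the executable is loaded at a fixed address, so R_TEXT and
 * R_DATA stay clear while heap, stack and libraries still move. */
unsigned aslr_compare(const aslr_sample *a, const aslr_sample *b) {
    unsigned moved = 0;
    if (a->text  != b->text)  moved |= R_TEXT;
    if (a->data  != b->data)  moved |= R_DATA;
    if (a->heap  != b->heap)  moved |= R_HEAP;
    if (a->stack != b->stack) moved |= R_STACK;
    if (a->lib   != b->lib)   moved |= R_LIB;
    return moved;
}

/* Print one sample; run the binary twice and diff the two lines. */
int main(void) {
    aslr_sample s = aslr_probe();
    printf("text=%#lx data=%#lx heap=%#lx stack=%#lx lib=%#lx\n",
           (unsigned long)s.text, (unsigned long)s.data, (unsigned long)s.heap,
           (unsigned long)s.stack, (unsigned long)s.lib);
    return 0;
}
```

An object like ObjectA that is a global, a static, or the class object itself sits in the executable's own segments, so in a non-PIE build its address stays fixed even though malloc results keep changing.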

For completeness, the guy who did the work to answer that question was Dino Zovi in Apple iOS 4 Security Evaluation. My apologies if someone else published before Dino (I am not aware of the work or who you are).

Zovi published his stuff well before Apple published iOS Security. Dino's work is still more complete.

jww