4

I have tried using -dynamicbase -pie and -e_mainCRTStartup in linker options for ASLR but when I load it up in ollydbg it always loads at 400000

phuclv
  • 37,963
  • 15
  • 156
  • 475
shawn
  • 4,063
  • 7
  • 37
  • 54
  • That's done by your operating system not when compiling .. If I get you right. Ollydbg is loading on 400000 always maybe because it is the code address and not the stack. if you debug on real time you will see how the stack is randomized each time. – AK_ Jun 18 '14 at 11:43
  • You do need to opt-in to ASLR on Windows by setting the correct flag on every dynamic library and the executable. A relocation table also needs to be output for the executable, and MinGW doesn't appear to do it without a hack (`--export-all-symbols`). – strcat Aug 16 '14 at 16:19

1 Answers1

2

You can enable DEP with -Wl,--nxcompat. You can also pass --dynamicbase to the linker in the same way, but sadly it doesn't emit the necessary relocation table. As a workaround, you can pass -Wl,--dynamicbase,--export-all-symbols. An explicit __declspec(dllexport) of a single symbol like main also works, and that is currently the workaround used in the Rust compiler. AFAIK, GCC doesn't implement SEH, so you're not missing anything by missing a compile-time sanity check for it (SafeSEH).

strcat
  • 5,376
  • 1
  • 27
  • 31
  • I recently landed support for high entropy ASLR in the GNU linker via a `--high-entropy-va` switch, but that's not yet in a stable release. It's possible to set those flags on the executable / libraries via the `editbin` utility after they are built as a workaround. – strcat Sep 29 '14 at 02:45