-1

In Windows, I am running a C program using MinGW that prints the address of the local variable declared in the main function.

#include <stdio.h>

int main(void){
   int a;
   /* print the address of the local (stack) variable */
   printf("%p\n", (void *)&a);
   return 0;
}

I compiled it once and ran the executable file (a.exe) multiple times.

0061FF1C
0061FF1C
.
.

I have checked the same program on Linux as well as with online compilers. It is working fine there. Why is Windows storing the address of the local variable? And even if it is storing the variable, how is it interpreting which variable is stored in that location?

Jonathan Leffler
Harsh Goyal
  • 3
    Just because it prints the same value doesn't mean it is storing it. It's loading things into the same addresses each time. What did you expect instead and why? "*It is working fine*" Please define "fine" vs "not fine". – kaylum Jan 12 '22 at 05:39
  • If what you want is to enable ASLR with mingw to randomise the address space this post suggests a way: https://stackoverflow.com/questions/24283918/how-can-i-enable-aslr-dep-and-safeseh-on-an-exe-in-codeblocks-using-mingw – kaylum Jan 12 '22 at 05:43
  • 1
    ASLR — Address-space layout randomization? That's used on Linux; it probably isn't used on Windows. – Jonathan Leffler Jan 12 '22 at 05:43
  • 3
    @Jonathan Leffler ASLR is used in Windows too, if the exe declares that it is compatible with this – RbMm Jan 12 '22 at 05:52
  • From what I remember, activating ASLR from Mingw isn't trivial. – Lundin Jan 12 '22 at 12:38

1 Answer

1

First thing, Windows is not storing the address of the local variable. It is using the same memory address for running the program.

If you read this article: https://www.mandiant.com/resources/six-facts-about-address-space-layout-randomization-on-windows

"ELF images, as used in the Linux implementation of ASLR, can use position-independent executables and position-independent code in shared libraries to supply a freshly randomized address space for the main program and all its libraries on each launch—sharing the same machine code between multiple processes even where it is loaded at different addresses. Windows ASLR does not work this way. Instead, each DLL or EXE image gets assigned a random load address by the kernel the first time it is used, and as additional instances of the DLL or EXE are loaded, they receive the same load address. If all instances of an image are unloaded and that image is subsequently loaded again, the image may or may not receive the same base address; see Fact 4. Only rebooting can guarantee fresh base addresses for all images systemwide."

So this is how Windows manages ASLR. When you re-run the program, it will show the same memory address, since it is using the same address. If you restart your PC and re-run the program, this time ASLR will change the address, so you would see a different address.

This is related to the security of Windows. Linux implements ASLR differently, so it shows a different address.

  • Is it not possible to randomly allocate memory to a variable even in Windows? As I have checked, bottom-up ASLR is on by default, but it is still showing the same address. Is it something related to MinGW as well? – Harsh Goyal Jan 12 '22 at 10:20
  • Sorry for the late reply. ASLR is indeed on by default in Windows, but it will not reallocate memory randomly each time you restart the program in Windows; it reallocates memory after each boot. But for Linux-based OSes, ASLR will randomly allocate the memory each time you run the same program too. And I probably don't think it's related to MinGW; it's just a compiler, but the program is run by the OS, so it's more like the Windows way of doing things. – Khush Seervi Jan 19 '22 at 04:17
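
RbMm's comment above notes that Windows applies ASLR only to an exe that declares itself compatible. As an added example (not code from the question or any answer), this C program reads that declaration from a PE header: the DYNAMIC_BASE bit in DllCharacteristics together with the relocations-stripped bit in the file header. The function names and the constructed sample header are assumptions for illustration; the offsets and flag values are those of the PE/COFF format.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RELOCS_STRIPPED 0x0001u /* file header Characteristics */
#define HIGH_ENTROPY_VA 0x0020u /* DllCharacteristics: 64-bit ASLR */
#define DYNAMIC_BASE    0x0040u /* DllCharacteristics: image opts in to ASLR */

static uint32_t rd(const uint8_t *p, int n) {   /* little-endian read of n bytes */
    uint32_t v = 0;
    while (n--) v = (v << 8) | p[n];
    return v;
}

/* 1: image base can be randomized, 0: it cannot, -1: not a usable PE header */
int pe_aslr_status(const uint8_t *img, size_t len, unsigned *dllchar) {
    if (len < 0x40 || img[0] != 'M' || img[1] != 'Z') return -1;
    size_t pe = rd(img + 0x3C, 4);               /* e_lfanew */
    if (pe > len || len - pe < 24 + 72 || memcmp(img + pe, "PE\0\0", 4)) return -1;
    unsigned magic = rd(img + pe + 24, 2);       /* 0x10B = PE32, 0x20B = PE32+ */
    if (rd(img + pe + 20, 2) < 72 || (magic != 0x10B && magic != 0x20B)) return -1;
    unsigned filechar = rd(img + pe + 22, 2);
    *dllchar = rd(img + pe + 24 + 70, 2);        /* same offset in PE32 and PE32+ */
    return (*dllchar & DYNAMIC_BASE) && !(filechar & RELOCS_STRIPPED);
}

/* Constructed sample: a minimal PE32 header carrying only the fields read above */
size_t sample_header(uint8_t *buf, unsigned filechar, unsigned dllchar) {
    memset(buf, 0, 256);
    memcpy(buf, "MZ", 2); buf[0x3C] = 0x80;      /* e_lfanew = 0x80 */
    memcpy(buf + 0x80, "PE\0\0", 4);
    buf[0x80 + 20] = 0xE0;                        /* SizeOfOptionalHeader */
    buf[0x80 + 22] = filechar & 0xFF; buf[0x80 + 23] = (filechar >> 8) & 0xFF;
    buf[0x80 + 24] = 0x0B; buf[0x80 + 25] = 0x01; /* PE32 magic */
    buf[0x80 + 94] = dllchar & 0xFF; buf[0x80 + 95] = (dllchar >> 8) & 0xFF;
    return 256;
}

int main(int argc, char **argv) {
    static uint8_t buf[4096];
    unsigned dc = 0;
    FILE *f = argc > 1 ? fopen(argv[1], "rb") : NULL;
    size_t n = f ? fread(buf, 1, sizeof buf, f) : sample_header(buf, 0x0103, 0);
    if (f) fclose(f);
    int r = pe_aslr_status(buf, n, &dc);
    printf("status=%d DllCharacteristics=0x%04X high_entropy=%d\n",
           r, dc, (dc & HIGH_ENTROPY_VA) != 0);
    return r < 0;
}
```

Run it with the path to a.exe to inspect the binary from the question; with no argument it reports on the constructed header, which has relocations stripped and no ASLR opt-in.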