Questions tagged [aslr]

Address space layout randomization (ASLR) is a computer security technique which involves randomly arranging the positions of key data areas, usually including the base of the executable and position of libraries, heap, and stack, in a process's address space.

Address space randomization hinders some types of security attacks by making it more difficult for an attacker to predict target addresses. For example, attackers trying to execute return-to-libc attacks must locate the code to be executed, while other attackers trying to execute shellcode injected on the stack have to find the stack first. In both cases, the system obscures the related memory addresses from the attackers. These values have to be guessed, and a mistaken guess is not usually recoverable because the application crashes.

Wikipedia's page about ASLR

197 questions
0 votes, 1 answer

Running Windows shell commands from NASM x86 assembly language

I am writing a simple assembly program that will just execute Windows commands. I will attach the current working code below. The code works if I hard-code the base address of WinExec, which is a function from Kernel32.dll; I used another program…
JohnSmith
0 votes, 1 answer

Hexadecimal function name in gproftools profiling

After CPU profiling using gproftools (Google profiler), it shows some function names as hexadecimal values. According to the last comment of https://groups.google.com/forum/#!topic/google-perftools/7sdO7wrPUpE the problem looks like it is caused by ASLR, but I…
0 votes, 0 answers

How to implement Address Space Layout Randomization (ASLR) in a PhoneGap app

We are building a PhoneGap app. Our application currently makes use of the Internet, Gallery, Camera and background services. At this point we don't have any sensitive records on the client side (but maybe in the future). For this reason some of our clients are making…
Hafiz Arslan
0 votes, 2 answers

DEP and ASLR and how to use it?

ASLR and DEP are two techniques that are used to protect applications from hackers. With many modern applications becoming more security-aware, these techniques are becoming more important. For now, I just focus on Windows 7 and these techniques. I…
Wim ten Brink
0 votes, 1 answer

Buffer overflow with no securities?

I am reviewing for my exams next week, I have come across a past question. void func(char * arg) { char buf[32]; strcpy(buf, arg); } Suppose; No defenses at all buf begins at 0xbffebfb0 (gdb) x/2wx $ebp 0xbffebfd8: 0xbffec068 …
Matt Dathew
0 votes, 1 answer

returned pointer address getting modified when ASLR turned on

I have this piece of C code running on a development box with ASLR enabled. It returns a char pointer (char *) from a function, but somehow a few bytes in the returned pointer address are getting changed; printf output below: kerb_selftkt_cache is…
new_c_user
0 votes, 1 answer

2 questions regarding ASLR

I've been reading about ASLR and I have a couple of questions. I have little programming experience but I am interested in the theory behind it. I understand that it randomizes where DLLs, stacks and heaps are in the virtual address space so that…
RJSmith92
0 votes, 1 answer

How to randomize each segment of Linux ELF

We know we can randomize the code, data, stack and heap by compiling the code as PIE, while the code and data always keep a fixed offset from each other on each load. Is there a way, by adding some compile/link flags, to set the code/data offset to a random value?
xiaogw
0 votes, 0 answers

Buffer overflow to point the stack pointer to a specific location

I am trying to do a buffer overflow attack. I have disabled address space layout randomization (ASLR) using the command: sudo sysctl -w kernel.randomize_va_space=0. Instead of crashing the program I want to print the "Holla.. Holla.." statement in the…
0 votes, 0 answers

Is there a way to "manufacture" a 4-bit ASLR?

I'm currently testing some exploits on a little program I wrote, and would like to know if there is a way of "coding" an ASLR-like protection, or just using some compilation tricks to manufacture it, with a restricted set of possible offset values (like…
Chocosup
0 votes, 0 answers

Force base address for an executable compiled with -fPIE

I'm here with a somewhat strange question. Is there a way to exec a program and specify the virtual address that it should be loaded at? Example: a.out is a PIE with entry point 0x460. b.out forks and execs a.out, but tells it, "Hey, I want you to…
Neil
0 votes, 1 answer

Both -fPIC and -s used - possibly contradictory?

In a particular project, I saw the following compiler options used all at once: gcc foo.c -o foo.o -Icomponent1/subcomponent1 -Icomponent2/subcomponent1 -Wall -fPIC -s. Are -fPIC and -s contradictory when used together here? If not, why?
user2064000
0 votes, 0 answers

ASLR when forking a new child

While forking a child, I see that the ASLR layout is inherited from the parent. Is there a way to unmap, for example, libc from the child process and then mmap it again so that ASLR takes effect on libc? I would like to be able to do ASLR on the child…
omri-c
0 votes, 2 answers

Heap randomization in Windows

Windows 7 has heap randomization and stack randomization features. How can I manage them? How do they affect the performance of my application? Where can I find more information on how they work? I'm using Visual Studio 2008 for developing C++…
Kirill V. Lyadvinsky
-1 votes, 2 answers

Why is the value of the stack pointer the same every time when ASLR is turned off?

Though there are many functions running on the system, how can the value of the stack pointer (ESP) be the same every time for every function running on the stack (because every function has a different address)? Especially when ASLR is off?